{"id":"ASB-A-299930871","details":"In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-299930871","CVE-2023-45777"],"modified":"2026-04-24T15:37:38.793646Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55","signature_type":"Line","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","id":"ASB-A-299930871-41663f73","digest":{"line_hashes":["105742063094871766937010577244347100362","41831547722346298418863001400473844494","210507454749626293904794193921105781012","171630030037310044988416393019877335182"],"threshold":0.9},"deprecated":true},{"source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55","signature_type":"Function","target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","id":"ASB-A-299930871-7bbfd9e5","digest":{"length":724,"function_hash":"5312624277853522920463986731625181836"},"deprecated":true}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61","https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55"],"severity":"High","types":["EoP"],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-299930871.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55","signature_type":"Line","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","id":"ASB-A-299930871-79cbb13c","digest":{"line_hashes":["105742063094871766937010577244347100362","41831547722346298418863001400473844494","210507454749626293904794193921105781012","171630030037310044988416393019877335182"],"threshold":0.9},"deprecated":true},{"source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55","signature_type":"Function","target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","id":"ASB-A-299930871-ea7ab32b","digest":{"length":724,"function_hash":"5312624277853522920463986731625181836"},"deprecated":true}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61","https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55"],"severity":"High","types":["EoP"],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-299930871.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"match_only_versions":["14"],"source":"https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61","id":"ASB-A-299930871-ba1013eb","signature_type":"Line","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","digest":{"line_hashes":["284645906073750632685697538823996009341","285758355853553288136460222232517894852","249520830598242276603421062396672184894","118063220515672952178012219922957877184"],"threshold":0.9},"deprecated":false},{"match_only_versions":["14"],"source":"https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61","id":"ASB-A-299930871-c6f16cfe","signature_type":"Function","target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","digest":{"length":785,"function_hash":"42442705007644212017595812178236325751"},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61"],"severity":"High","types":["EoP"],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-299930871.json"}}],"schema_version":"1.7.5"}