{"id":"PUB-A-184847040","details":"In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-184847040","CVE-2023-21035"],"modified":"2026-04-23T15:15:38.048727Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad"}],"affected":[{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"spl":"2023-03-01","severity":"Moderate","vanir_signatures":[{"deprecated":false,"match_only_versions":["13"],"digest":{"function_hash":"121772509326297233808666616204060095274","length":576},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-2fb60746","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java","function":"restoreState"},"signature_type":"Function"},{"deprecated":false,"match_only_versions":["13"],"digest":{"threshold":0.9,"line_hashes":["43032228927462822342452236490762689535","15059225992926352648322423451923568173","68014523979087862551635101569879517189","229342248046384201563298567857820340628","232114699739685182005429043265396148877","20082701335626505167606038099015146283","254454615178926056880120567857553340746","103104412225771683117794613562427465100"]},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-5143e837","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/CollectionUtils.java"},"signature_type":"Line"},{"deprecated":false,"match_only_versions":["13"],"digest":{"function_hash":"254911684776159838257076422776409980238","length":586},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-733453be","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java","function":"fromAppPermissions"},"signature_type":"Function"},{"deprecated":false,"match_only_versions":["13"],"digest":{"function_hash":"22313021177170591923983578585799462512","length":117},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-877d89c0","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java","function":"BackupPackageState"},"signature_type":"Function"},{"deprecated":false,"match_only_versions":["13"],"digest":{"threshold":0.9,"line_hashes":["84843049019302761863065014092449215728","264868265656289673523769242114766418396","330272999486898339010377919508557050873","238491412444631929259607570213563032890","212335473773116938990804158033114407646","134058316672115466578326395665985276744","228512767525940964661812594906433801133","233937374947696925692218840410494002904","171144675047614504884192740912079595229","264009995128844015939027582107486172111","107083936107729207877225933750509582959","160378149280285647527448676439387697175","272189067143468548201249739342392907688","152581516656832625565662774003373965946","17420550499946334915489961918184163474","334970370657539059144312493719319344801","272797693633173649503569264023746803157","95978107259082001532038822276914454309","8818789897582096869070266549742860991","129283745040351863577189490146225506285","228729908969966056806646850418318249483","13384915708799494335160810930570058360","299412018832045862676816100797748218910","4742087960972795378123464567966795813","118381729486424510154429270416018514768","55940143718924595368152194732605773808","232750173667708018063122654624091780474","115444434307155611743719658575516868162","258208249832469845229414774678816800645","176947216730517605933724620437887834299","298840148933479489772422689021635243193","324839459591708210349174576831371353881","241313337864735710305073706758733108487","122824315743963056007668466065238333286","100893846625247827684837216972821015725","126057789561660815302145050549324193805","34713639438136822066599953981348073739","295708026625774449588549722076965171260","120074438840541939371715319936114458802","329344797790915338574761306898915614414","338909792849878972852967967565773764856","336454364212485952485312509186942841886","317947333734852680233374750952830335762","233341579077497733609931062168910746240","122867727361647026489673136368895088981","39047478053297817336745674637801629439","160709546613986628274461840001657761058","142214370399749670337290002351313537725","121506927583770159611383698574899691108","290187340577643090211833089575726309284","8086904502449774582137344794449317842","14365447657664993759865504784314100297","301245095004872445367746301117547467864","44800969953661819834564641945146190332","144180961801702456540075717018092628729","131542289587207083776604612861542654087","64067858790180593005362939125353067452","252867612429068384485880249189219544826","5734078675196224577398842139089718719","249038250807104320692266941039812661070","334085875832893933698930970825722128632","74307956833279735491709731661218543999","294133986353694889088641684558251658923","92750749618021248271968084195900611139","303542330409926398319807664756869843746","93502754692320634048537897340840167680","50944242166658100240420385617026685860","336951116393885096362166210447591258905","302618801560575942391314988469121726844","237664014145279428359701477789088744367","33514390769234739660743843800106359521","70464342963837185694733314876513059489","313785845506715615313911303745603875348","284395442707751894149293761353288195023","226056816875687927926202966320056865523","286982401824229114784767830232939707462","6261514209757005563720283717376494312","232096581946278684662878038200227974631","129715267683248418266053721892328857641","61655522085747596594871990584470030985","72963479676679129762117341839113149461","59723772430105333561426687278662221697","242286839995190536712281595258991305929","62332265159522511892652992662304330264","5215945808670779786580212120046778885","278999178717078094647009283431723847502","277455797444418779668058670147263285440","121914163835655081715333237693164135415","270299140831799103856299209921752533728","150795311814388669920580123755367611431","314326577786631519312177337308130062568","40985571648696868188356130129024669558","125907105415178325028651785125537620407","92006235680231052789865677633488235217","88502203556570426997113938840978739680","4283205366327779605153781494998329563","272506128104646525416133708195724800085","241278445286239139869287886671798826753","155932022840712717920829980852381074738","91979647387661250173676310892023414582","62825861441265738485328063170452949658","35192094060705160799670636065562508318","65899339385329711512659557262708130880","193272573877067885183576708741241119502"]},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-8e934464","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java"},"signature_type":"Line"},{"deprecated":false,"match_only_versions":["13"],"digest":{"function_hash":"38836111435667112698082018631472905594","length":392},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-8e9c048d","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java","function":"writeState"},"signature_type":"Function"},{"deprecated":false,"match_only_versions":["13"],"digest":{"function_hash":"56278284315922569464383854409474583806","length":430},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-b41d31b8","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java","function":"writeAsXml"},"signature_type":"Function"},{"deprecated":false,"match_only_versions":["13"],"digest":{"function_hash":"151632702335691916565437966936806462156","length":1031},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-f42db682","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java","function":"restoreDelayedState"},"signature_type":"Function"},{"deprecated":false,"match_only_versions":["13"],"digest":{"function_hash":"288205416372555814080559718911102546679","length":945},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad","signature_version":"v1","id":"PUB-A-184847040-f81e396d","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java","function":"parseFromXml"},"signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-184847040.json"}}],"schema_version":"1.7.5"}