{"id":"PUB-A-242688355","details":"In setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-242688355","CVE-2023-21031"],"modified":"2026-05-01T15:24:27.653932Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"spl":"2023-06-01","fixes":["https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52"],"severity":"Moderate","types":["ID"],"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["33495811549115387341979240179425135881","61958390961171673384975798417766857766","120562728741855839204497229555982404717","203919017499362894163503517427077766290","320366812282891473350042285327476670418"]},"deprecated":false,"match_only_versions":["13-next"],"id":"PUB-A-242688355-22aad768","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"file":"services/surfaceflinger/tests/unittests/mock/DisplayHardware/MockHWC2.h"},"signature_type":"Line"},{"digest":{"function_hash":"157125633369773047957429976272898144915","length":979},"deprecated":false,"match_only_versions":["13-next"],"id":"PUB-A-242688355-22de278e","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"function":"Display::setPowerMode","file":"services/surfaceflinger/DisplayHardware/HWC2.cpp"},"signature_type":"Function"},{"digest":{"function_hash":"213749973737932446133009226460850194458","length":204},"deprecated":false,"match_only_versions":["13-next"],"id":"PUB-A-242688355-7569be82","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"function":"HWComposer::hasDisplayCapability","file":"services/surfaceflinger/DisplayHardware/HWComposer.cpp"},"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["183867197781719420183526350388142741810","271565464551953188309496457836893385534","205006933507200714325628356867685996939","268243795446332751386337138854329256252","60923226780260404713087809470412204335","257503875835049351695140849125410258807","31256956972054741214950924011968655646","124791664496880097511777015880614697080","339969933236648525813181626931187987549","5606396080952096506067248039691547098","177368733964337531621062941152787939274","60585692908083708142959537047127179748","284226825363119108093975274998271572900","209549864686671641813690812037820991752","166411239129360227581534816926339842208","167065952634923323621247007374465332021","74807939363459292083084939562466779029","245471441394332739129346019979232931778","275254497375221662614420569068767732906","279561054132344755898275908212791169821","235031089423170383954429063817976623558"]},"deprecated":false,"match_only_versions":["13-next"],"id":"PUB-A-242688355-9f3fec72","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"file":"services/surfaceflinger/DisplayHardware/HWC2.h"},"signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["205199001891935344346662076541449877945","44378620025623571795636972460894008717","100826498563724975438955878083654488082","116901095575256861297695869039031877928"]},"deprecated":false,"match_only_versions":["13-next"],"id":"PUB-A-242688355-a634d85a","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"file":"services/surfaceflinger/DisplayHardware/HWComposer.cpp"},"signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["154698457405220020802342173406543091356","209693930760528337502435027894043296198","185205236567484097241447121426620698212","186555868184623279351510942286028769783","27217742525690168678222545364658721398","221729450085184900252576439322346770688","22451223992408778282360072035127566736","210634536166317556297038545728775074616","122752889015936866468272215425844593847","307710587414647780143190114342337387970","101278800659768228955771518068409814259","146574622352996241942495246208233910939","206028448598612158302517790818992685664","328459976483098256155638438570259040926","311630929973599413401485750061954750376","286080049779116472076170722103621837661","186627071045184718981224050932164264","178211635728874891033627345034608205631","45254819939358977535782638176133262762","114006404029949531024158839904196391633"]},"deprecated":false,"match_only_versions":["13-next"],"id":"PUB-A-242688355-b630b9a2","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"file":"services/surfaceflinger/DisplayHardware/HWC2.cpp"},"signature_type":"Line"},{"digest":{"function_hash":"16958391470744563554495151090687703776","length":155},"deprecated":false,"match_only_versions":["13-next"],"id":"PUB-A-242688355-dbd1f652","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"function":"Display::supportsDoze","file":"services/surfaceflinger/DisplayHardware/HWC2.cpp"},"signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-242688355.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-06-01","fixes":["https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52"],"severity":"Moderate","types":["ID"],"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["183867197781719420183526350388142741810","271565464551953188309496457836893385534","205006933507200714325628356867685996939","268243795446332751386337138854329256252","60923226780260404713087809470412204335","257503875835049351695140849125410258807","31256956972054741214950924011968655646","124791664496880097511777015880614697080","339969933236648525813181626931187987549","5606396080952096506067248039691547098","177368733964337531621062941152787939274","60585692908083708142959537047127179748","284226825363119108093975274998271572900","209549864686671641813690812037820991752","166411239129360227581534816926339842208","167065952634923323621247007374465332021","74807939363459292083084939562466779029","245471441394332739129346019979232931778","275254497375221662614420569068767732906","279561054132344755898275908212791169821","235031089423170383954429063817976623558"]},"deprecated":false,"match_only_versions":["13"],"id":"PUB-A-242688355-22c2d0ea","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"file":"services/surfaceflinger/DisplayHardware/HWC2.h"},"signature_type":"Line"},{"digest":{"function_hash":"157125633369773047957429976272898144915","length":979},"deprecated":false,"match_only_versions":["13"],"id":"PUB-A-242688355-2931a14d","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"function":"Display::setPowerMode","file":"services/surfaceflinger/DisplayHardware/HWC2.cpp"},"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["33495811549115387341979240179425135881","61958390961171673384975798417766857766","120562728741855839204497229555982404717","203919017499362894163503517427077766290","320366812282891473350042285327476670418"]},"deprecated":false,"match_only_versions":["13"],"id":"PUB-A-242688355-3089a673","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"file":"services/surfaceflinger/tests/unittests/mock/DisplayHardware/MockHWC2.h"},"signature_type":"Line"},{"digest":{"function_hash":"213749973737932446133009226460850194458","length":204},"deprecated":false,"match_only_versions":["13"],"id":"PUB-A-242688355-3ab4294f","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"function":"HWComposer::hasDisplayCapability","file":"services/surfaceflinger/DisplayHardware/HWComposer.cpp"},"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["154698457405220020802342173406543091356","209693930760528337502435027894043296198","185205236567484097241447121426620698212","186555868184623279351510942286028769783","27217742525690168678222545364658721398","221729450085184900252576439322346770688","22451223992408778282360072035127566736","210634536166317556297038545728775074616","122752889015936866468272215425844593847","307710587414647780143190114342337387970","101278800659768228955771518068409814259","146574622352996241942495246208233910939","206028448598612158302517790818992685664","328459976483098256155638438570259040926","311630929973599413401485750061954750376","286080049779116472076170722103621837661","186627071045184718981224050932164264","178211635728874891033627345034608205631","45254819939358977535782638176133262762","114006404029949531024158839904196391633"]},"deprecated":false,"match_only_versions":["13"],"id":"PUB-A-242688355-4af0561b","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"file":"services/surfaceflinger/DisplayHardware/HWC2.cpp"},"signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["205199001891935344346662076541449877945","44378620025623571795636972460894008717","100826498563724975438955878083654488082","116901095575256861297695869039031877928"]},"deprecated":false,"match_only_versions":["13"],"id":"PUB-A-242688355-856f7188","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"file":"services/surfaceflinger/DisplayHardware/HWComposer.cpp"},"signature_type":"Line"},{"digest":{"function_hash":"16958391470744563554495151090687703776","length":155},"deprecated":false,"match_only_versions":["13"],"id":"PUB-A-242688355-ba9eb79b","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/native/+/27fbcc77f3bc48845f726842a02cbc19f88b9f52","target":{"function":"Display::supportsDoze","file":"services/surfaceflinger/DisplayHardware/HWC2.cpp"},"signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-242688355.json"}}],"schema_version":"1.7.5"}