{"id":"PUB-A-254681548","details":"In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-254681548","CVE-2023-21026"],"modified":"2026-06-01T15:55:42.428303297Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/7a418bbfd67d9367c8559b8074a42ed04f14772d"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/7a418bbfd67d9367c8559b8074a42ed04f14772d","signature_type":"Function","signature_version":"v1","deprecated":false,"digest":{"function_hash":"80201801525218788707289408032071460125","length":1289},"target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java","function":"updateInputChannel"},"id":"PUB-A-254681548-cb4c68b8"},{"id":"PUB-A-254681548-e7f667d5","source":"https://android.googlesource.com/platform/frameworks/base/+/7a418bbfd67d9367c8559b8074a42ed04f14772d","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["151756177266360469892963686999850863287","251306381916280699474504591784976258553","242012094921370988225436558589673983944","223723957580976370909691533923698394043","264170301450392642203525729545814856020","134095800456344932803998435989356458406","87059782453090540356880545029940738830","328015400797600160054502451207891599278"]},"target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java"},"signature_type":"Line"}],"severity":"Moderate","types":["DoS"],"spl":"2023-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/7a418bbfd67d9367c8559b8074a42ed04f14772d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-254681548.json"}}],"schema_version":"1.7.5"}