{"id":"PUB-A-267809568","details":"In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-267809568","CVE-2023-21184"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/frameworks/opt/telephony","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"Moderate","fixes":["https://android.googlesource.com/platform/frameworks/opt/telephony/+/5f2cc3b87dbc1aeb5350ad624fe4f5068eaf2f3a"],"spl":"2023-06-01","types":["EoP"],"vanir_signatures":[{"signature_type":"Function","id":"PUB-A-267809568-4034d0b5","source":"https://android.googlesource.com/platform/frameworks/opt/telephony/+/5f2cc3b87dbc1aeb5350ad624fe4f5068eaf2f3a","signature_version":"v1","target":{"file":"src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java","function":"isPackagePrivileged"},"digest":{"function_hash":"5771547486773076770275120216396398533","length":460},"deprecated":false},{"signature_type":"Function","id":"PUB-A-267809568-5c0a6f32","source":"https://android.googlesource.com/platform/frameworks/opt/telephony/+/5f2cc3b87dbc1aeb5350ad624fe4f5068eaf2f3a","signature_version":"v1","target":{"file":"src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java","function":"getCurrentPrivilegedPackagesForAllUsers"},"digest":{"function_hash":"201113409721399947625443452057281814487","length":361},"deprecated":false},{"signature_type":"Line","id":"PUB-A-267809568-a46c6cdd","source":"https://android.googlesource.com/platform/frameworks/opt/telephony/+/5f2cc3b87dbc1aeb5350ad624fe4f5068eaf2f3a","signature_version":"v1","target":{"file":"src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java"},"digest":{"line_hashes":["133860786993307903240930719471997748662","327668188278990896461400068215585480857","270135952203417321175801858560680340778","291471331688111365999441700972870006015","163631582177775998346931319981212049298","57702665709567983532035777699280306385","151869266533203950716100223084264919027","81415990852441065919410672900707225400","99842688182736163255905431921154720261","295604800225291639323971911058942762999","24191575457373117331715467093593715473","115232715834788397362163295260313976728","94102061148820280725121907413828054894","61923593126335796033576707393177417223","25352923530947196920217051056440418006","113008113207345181749013955647458131364","12727994075362168980174449854522798626","289833324310821648102787239092038058289","37525565400142105250553726291089897329","220687770853706430826015534799852922207","299573725638367817069593312769141863625","113405483766243420886215939893988209139","76681566209410463307776797321747156844","303506172789429354404651473937046934911","147056084941642318221536053840593190489","265861306844938841039775175158867079047","193037440964125277813304146286524852161","113405483766243420886215939893988209139","105819196732736135217362003270260541981","17200717024254504266808268396833241043","148133759621197727053145612113951204935","93011993362860119027692100105914948570","113405483766243420886215939893988209139","223806271234802523021061016499458327744","108587633537507210242609878158511307392","188773964332395921629363995636504186348","193945555105656936453847297800470789796","223178474147455275682867820049089608675","249614435990149689983186371691608525356","141944508518706197675981189425905580813","136549914787974292627840592059281454288","270021213442385571659893817229155644871","44006679455793431311049063266212899625","220573612321300288990188342059682467859","67335646776396347222457528810217884483","335516299301332158460675029904294221139","113202982021298738460370170107960833090","59630037856463520692002926934246847253","332867604625726175702417694276724967666"],"threshold":0.9},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-267809568.json"}},{"package":{"name":"platform/frameworks/opt/telephony","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"Moderate","fixes":["https://android.googlesource.com/platform/frameworks/opt/telephony/+/405222002895c2574f79edb7c3c6af8ce603b4ba"],"spl":"2023-06-01","types":["EoP"],"vanir_signatures":[{"signature_type":"Function","id":"PUB-A-267809568-1153e381","source":"https://android.googlesource.com/platform/frameworks/opt/telephony/+/405222002895c2574f79edb7c3c6af8ce603b4ba","signature_version":"v1","target":{"file":"src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java","function":"getCurrentPrivilegedPackagesForAllUsers"},"digest":{"function_hash":"201113409721399947625443452057281814487","length":361},"deprecated":false},{"signature_type":"Function","id":"PUB-A-267809568-2b7ce946","source":"https://android.googlesource.com/platform/frameworks/opt/telephony/+/405222002895c2574f79edb7c3c6af8ce603b4ba","signature_version":"v1","target":{"file":"src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java","function":"isPackagePrivileged"},"digest":{"function_hash":"5771547486773076770275120216396398533","length":460},"deprecated":false},{"signature_type":"Line","id":"PUB-A-267809568-cfc4274f","source":"https://android.googlesource.com/platform/frameworks/opt/telephony/+/405222002895c2574f79edb7c3c6af8ce603b4ba","signature_version":"v1","target":{"file":"src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java"},"digest":{"line_hashes":["133860786993307903240930719471997748662","327668188278990896461400068215585480857","270135952203417321175801858560680340778","291471331688111365999441700972870006015","163631582177775998346931319981212049298","57702665709567983532035777699280306385","151869266533203950716100223084264919027","81415990852441065919410672900707225400","99842688182736163255905431921154720261","295604800225291639323971911058942762999","24191575457373117331715467093593715473","115232715834788397362163295260313976728","94102061148820280725121907413828054894","61923593126335796033576707393177417223","25352923530947196920217051056440418006","113008113207345181749013955647458131364","12727994075362168980174449854522798626","289833324310821648102787239092038058289","37525565400142105250553726291089897329","220687770853706430826015534799852922207","299573725638367817069593312769141863625","113405483766243420886215939893988209139","76681566209410463307776797321747156844","303506172789429354404651473937046934911","147056084941642318221536053840593190489","265861306844938841039775175158867079047","193037440964125277813304146286524852161","113405483766243420886215939893988209139","105819196732736135217362003270260541981","17200717024254504266808268396833241043","148133759621197727053145612113951204935","93011993362860119027692100105914948570","113405483766243420886215939893988209139","223806271234802523021061016499458327744","108587633537507210242609878158511307392","188773964332395921629363995636504186348","193945555105656936453847297800470789796","223178474147455275682867820049089608675","249614435990149689983186371691608525356","141944508518706197675981189425905580813","136549914787974292627840592059281454288","270021213442385571659893817229155644871","44006679455793431311049063266212899625","220573612321300288990188342059682467859","67335646776396347222457528810217884483","335516299301332158460675029904294221139","113202982021298738460370170107960833090","59630037856463520692002926934246847253","332867604625726175702417694276724967666"],"threshold":0.9},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-267809568.json"}}],"schema_version":"1.7.5"}