Headline
CVE-2023-21276
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "1272eec833fb49c30a4d8bdc432765e7c4413b3f", "tree": "884d0ae6f1bf31532ad8935459591f6336479e80", "parents": [ “badb243574d7fca9aa89152d9d25eeb4f8615385” ], "author": { "name": "Lee Shombert", "email": "[email protected]", "time": “Fri May 19 15:52:00 2023 -0700” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:34:32 2023 +0000” }, "message": "Remove unnecessary padding code\n\nBug: 213170822\n\nRemove the code that CursorWindow::writeToParcel() uses to ensure slot\ndata is 4-byte aligned. Because mAllocOffset and mSlotsOffset are\nalready 4-byte aligned, the alignment step here is unnecessary.\n\nCursorWindow::spaceInUse() returns the total space used. The tests\nverify that the total space used is always a multiple of 4 bytes.\n\nTest: atest\n * libandroidfw_tests\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d4afa0986cbc440f458b4b8db05fd176ef3e6d2)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5b0232d7e1c2087839d9bc029943c8780b2484ab)\nMerged-In: I720699093d5c5a584283e5b76851938f449ffa21\nChange-Id: I720699093d5c5a584283e5b76851938f449ffa21\n", "tree_diff": [ { "type": "modify", "old_id": "3527eeead1d590cd7d9431566b4d44e3ae11510f", "old_mode": 33188, "old_path": "libs/androidfw/CursorWindow.cpp", "new_id": "2a6dc7b95c073073c5c96c5978d649a1d6c3c3e5", "new_mode": 33188, "new_path": “libs/androidfw/CursorWindow.cpp” }, { "type": "modify", "old_id": "6e55a9a0eb8b9ed739ed8ce890cf02055405378b", "old_mode": 33188, "old_path": "libs/androidfw/include/androidfw/CursorWindow.h", "new_id": "9ec026a19c4cfaaac02be32e68a07b23070bc9ab", "new_mode": 33188, "new_path": “libs/androidfw/include/androidfw/CursorWindow.h” }, { "type": "modify", "old_id": "15be80c481926d6406fefbd3fb0e65b2fad107db", "old_mode": 33188, "old_path": "libs/androidfw/tests/CursorWindow_test.cpp", "new_id": "9ac427b66cb3c96ab7ed5cae9d4f32459360faa3", "new_mode": 33188, "new_path": “libs/androidfw/tests/CursorWindow_test.cpp” } ] }
Related news
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.