In startInputUncheckedLocked of InputMethodManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 2594.0, "function_hash": "328756559056363736240288393718983206414" }, "id": "ASB-A-154913391-24585dcf", "source": "https://android.googlesource.com/platform/frameworks/base/+/2b859826165bddb11f17b217d097253c442f6045", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function": "InputMethodManagerService" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "216482703823161109145227854835665407228", "131886455104698380746336319833428211314", "34037465032239172369573958754242167795", "136825602570977326772375979276046573494", "85619916009330654252026204424048007245", "18785638430865662275888743767305726493", "88715757901795299911352510297283054976", "189309108567007138940271885352286864015" ] }, "id": "ASB-A-154913391-3c30b718", "source": "https://android.googlesource.com/platform/frameworks/base/+/2b859826165bddb11f17b217d097253c442f6045", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/inputmethod/InputMethodManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 3670.0, "function_hash": "281340576495868432474746744787425747138" }, "id": "ASB-A-154913391-8fd1e07a", "source": "https://android.googlesource.com/platform/frameworks/base/+/2b859826165bddb11f17b217d097253c442f6045", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function": "startInputUncheckedLocked" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2b859826165bddb11f17b217d097253c442f6045" ], "spl": "2022-09-01", "severity": "Moderate", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 3670.0, "function_hash": "281340576495868432474746744787425747138" }, "id": "ASB-A-154913391-0f98456c", "source": "https://android.googlesource.com/platform/frameworks/base/+/2b859826165bddb11f17b217d097253c442f6045", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function": "startInputUncheckedLocked" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "216482703823161109145227854835665407228", "131886455104698380746336319833428211314", "34037465032239172369573958754242167795", "136825602570977326772375979276046573494", "85619916009330654252026204424048007245", "18785638430865662275888743767305726493", "88715757901795299911352510297283054976", "189309108567007138940271885352286864015" ] }, "id": "ASB-A-154913391-88e0f845", "source": "https://android.googlesource.com/platform/frameworks/base/+/2b859826165bddb11f17b217d097253c442f6045", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/inputmethod/InputMethodManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 2594.0, "function_hash": "328756559056363736240288393718983206414" }, "id": "ASB-A-154913391-e77c20bb", "source": "https://android.googlesource.com/platform/frameworks/base/+/2b859826165bddb11f17b217d097253c442f6045", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function": "InputMethodManagerService" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2b859826165bddb11f17b217d097253c442f6045" ], "spl": "2022-09-01", "severity": "Moderate", "types": [ "ID" ] }