ASB-A-170646036
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-170646036.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-170646036
- Aliases
-
- A-170646036
- CVE-2022-20124
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2024-08-07T19:30:15.814917Z
- Summary
- [none]
- Details
-
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127330503220437079710711639301429071750",
"48880012800817546858442601132270849394",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-22dd373b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7fdc96aef4e098d2271ac3a8557bd8e1ad6827f3",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 3464.0,
"function_hash": "201429292815245617374230375440999888000"
},
"id": "ASB-A-170646036-26500baa",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a7621e0ce00f1d140b375518e26cf75693314203",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"length": 3818.0,
"function_hash": "320352949280285539864513042256536044416"
},
"id": "ASB-A-170646036-33946b67",
"source": "https://android.googlesource.com/platform/frameworks/base/+/49d8f9325a8d103497632097010899f87f403faa",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"length": 3464.0,
"function_hash": "201429292815245617374230375440999888000"
},
"id": "ASB-A-170646036-36ff0325",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7fdc96aef4e098d2271ac3a8557bd8e1ad6827f3",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"194082553904463856800599032293466712415",
"325466741585405983929497563812367825194",
"298448803795896996175377464937350806652",
"166615219856862908950441713590713400406",
"196017788875678769309945180639071486112",
"92765342030421872790715326249377630273",
"44650291620930001939615047464136769960",
"316431161103230271084133804382668924260",
"194986933683335083198048197738316623704",
"235506599002003822382877843285059729586",
"46766537416594621686106080346424757138",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-3d9d21bb",
"source": "https://android.googlesource.com/platform/frameworks/base/+/49d8f9325a8d103497632097010899f87f403faa",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127330503220437079710711639301429071750",
"48880012800817546858442601132270849394",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-8b04dd3e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a7621e0ce00f1d140b375518e26cf75693314203",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a7621e0ce00f1d140b375518e26cf75693314203",
"https://android.googlesource.com/platform/frameworks/base/+/49d8f9325a8d103497632097010899f87f403faa",
"https://android.googlesource.com/platform/frameworks/base/+/7fdc96aef4e098d2271ac3a8557bd8e1ad6827f3"
],
"spl": "2022-12-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127330503220437079710711639301429071750",
"48880012800817546858442601132270849394",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-390e6147",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127330503220437079710711639301429071750",
"48880012800817546858442601132270849394",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-42ebc852",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 3780.0,
"function_hash": "247337414279009763130599702836113481980"
},
"id": "ASB-A-170646036-45eb38b5",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"length": 3426.0,
"function_hash": "94088287687142817538660519691282968563"
},
"id": "ASB-A-170646036-7261c508",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"194082553904463856800599032293466712415",
"314224056229181788922813607764940492886",
"29313994280375603394494746855469781729",
"81512619506987332127036764393828120990",
"265981881756136429085815561240242421512",
"92765342030421872790715326249377630273",
"44650291620930001939615047464136769960",
"316431161103230271084133804382668924260",
"194986933683335083198048197738316623704",
"235506599002003822382877843285059729586",
"46766537416594621686106080346424757138",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-b67f1e85",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 3426.0,
"function_hash": "94088287687142817538660519691282968563"
},
"id": "ASB-A-170646036-bd5d1ba4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7"
],
"spl": "2022-12-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127330503220437079710711639301429071750",
"48880012800817546858442601132270849394",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-694df2b6",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127330503220437079710711639301429071750",
"48880012800817546858442601132270849394",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-930f325a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 3426.0,
"function_hash": "94088287687142817538660519691282968563"
},
"id": "ASB-A-170646036-d3f3851f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"length": 3780.0,
"function_hash": "247337414279009763130599702836113481980"
},
"id": "ASB-A-170646036-d5874206",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"194082553904463856800599032293466712415",
"314224056229181788922813607764940492886",
"29313994280375603394494746855469781729",
"81512619506987332127036764393828120990",
"265981881756136429085815561240242421512",
"92765342030421872790715326249377630273",
"44650291620930001939615047464136769960",
"316431161103230271084133804382668924260",
"194986933683335083198048197738316623704",
"235506599002003822382877843285059729586",
"46766537416594621686106080346424757138",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-df21fd0a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 3426.0,
"function_hash": "94088287687142817538660519691282968563"
},
"id": "ASB-A-170646036-ee075ccf",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7"
],
"spl": "2022-12-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"194082553904463856800599032293466712415",
"314224056229181788922813607764940492886",
"29313994280375603394494746855469781729",
"81512619506987332127036764393828120990",
"265981881756136429085815561240242421512",
"92765342030421872790715326249377630273",
"44650291620930001939615047464136769960",
"316431161103230271084133804382668924260",
"194986933683335083198048197738316623704",
"235506599002003822382877843285059729586",
"46766537416594621686106080346424757138",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-20e3595d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 3780.0,
"function_hash": "247337414279009763130599702836113481980"
},
"id": "ASB-A-170646036-71c0e2ba",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"length": 3426.0,
"function_hash": "94088287687142817538660519691282968563"
},
"id": "ASB-A-170646036-8f8b9b23",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"length": 3426.0,
"function_hash": "94088287687142817538660519691282968563"
},
"id": "ASB-A-170646036-ba1539f5",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127330503220437079710711639301429071750",
"48880012800817546858442601132270849394",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-fbbba21d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127330503220437079710711639301429071750",
"48880012800817546858442601132270849394",
"37394677783888071540816239980752954286"
]
},
"id": "ASB-A-170646036-ff43eb84",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6c870e157994519094e9e50ddf93e57a26779e22",
"https://android.googlesource.com/platform/frameworks/base/+/d9089fbe06e77f5ea1773f5d69b641a81e0b5832",
"https://android.googlesource.com/platform/frameworks/base/+/fbfa268d47c7915b7a87d3fef22a5b8f3bbabeb7"
],
"spl": "2022-12-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 5193.0,
"function_hash": "288706182116642159784688675982850866504"
},
"id": "ASB-A-170646036-07c95f71",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ae313d6d4082089798d067f318eb068cfb6bd15d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/DeletePackageHelper.java",
"function": "deletePackageX"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"29961735311844885679495198650580819690",
"257999338713085422075433887860710905561",
"270919010389292934355690033793767538111",
"125817520226217589535995184453029986355",
"167219488060220531447016492311677866674",
"15806488617926428166605879151555785900",
"166482812433908678057078835041569136733"
]
},
"id": "ASB-A-170646036-6850eb37",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ae313d6d4082089798d067f318eb068cfb6bd15d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/DeletePackageHelper.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"269410722626483146478067899420535307537",
"72564865425525203037491701968470373659",
"91180626677782766062408040908031772745",
"102603560758670707118326068068444470039",
"329738760646166792193941896194838679068",
"186025139228974346031814435587195868198",
"52707718883075094081210769665256414729",
"20088188489375509799777521058113229932",
"207794948539591998527934614670375468922",
"161644933012468610622785550715275958767",
"228775226033846879179679615327872458770",
"280603449317954856548187963217422003325",
"226131422305889470123671584979903649878",
"194986933683335083198048197738316623704",
"153492668186190904122345280920986245923",
"10857837018305112896242021845072968173",
"166482812433908678057078835041569136733"
]
},
"id": "ASB-A-170646036-844648d1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bbe5294adad72be7a838ff5962554325ac65809b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/DeletePackageHelper.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 5705.0,
"function_hash": "17651826466171379423327113956604941076"
},
"id": "ASB-A-170646036-b46020f9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bbe5294adad72be7a838ff5962554325ac65809b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/DeletePackageHelper.java",
"function": "deletePackageX"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/bbe5294adad72be7a838ff5962554325ac65809b",
"https://android.googlesource.com/platform/frameworks/base/+/ae313d6d4082089798d067f318eb068cfb6bd15d"
],
"spl": "2022-12-01",
"severity": "High",
"types": [
"EoP"
]
}