ASB-A-197296414
- Source
- https://storage.googleapis.com/android-osv/ASB-A-197296414.json
- Aliases
-
- CVE-2022-20444
- Published
- 2023-05-01T00:00:00Z
- Modified
- 2023-09-22T14:42:17Z
- Details
-
In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2023-05-01
- https://android.googlesource.com/platform/frameworks/native/+/062a867e94dbf811ccca02e7a6a0f0e36465694a
- https://android.googlesource.com/platform/frameworks/native/+/9cf4a4d4e57d059a4e4119f0a8f2a8be237f28c2
- https://android.googlesource.com/platform/frameworks/base/+/3b8aa02ba51f26161519f6465515f619e663bbbf
- https://android.googlesource.com/platform/frameworks/base/+/d100067fd62adb4648e966b3306b9a2f3b1fd38e
- https://android.googlesource.com/platform/frameworks/native/+/a066d908f6fe28e63ae49327b57fcd31d63fba2d
Affected packages
Android / platform/frameworks/base
Source Details
- Package Name
- platform/frameworks/base
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced11:0Fixed11:2023-05-01Introduced12:0Fixed12:2023-05-01
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3b8aa02ba51f26161519f6465515f619e663bbbf",
"https://android.googlesource.com/platform/frameworks/base/+/d100067fd62adb4648e966b3306b9a2f3b1fd38e"
],
"spl": "2023-05-01",
"types": [
"EoP"
],
"severity": "High"
}
Android / platform/frameworks/native
Source Details
- Package Name
- platform/frameworks/native
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced11:0Fixed11:2023-05-01Introduced12:0Fixed12:2023-05-01
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/9cf4a4d4e57d059a4e4119f0a8f2a8be237f28c2",
"https://android.googlesource.com/platform/frameworks/native/+/062a867e94dbf811ccca02e7a6a0f0e36465694a",
"https://android.googlesource.com/platform/frameworks/native/+/a066d908f6fe28e63ae49327b57fcd31d63fba2d"
],
"spl": "2023-05-01",
"types": [
"EoP"
],
"severity": "High"
}