ASB-A-208279300

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-208279300.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-208279300

Aliases

A-208279300
CVE-2022-20197
PUB-A-208279300

Published

2022-09-01T00:00:00Z

Modified

2024-11-06T12:16:03.231308Z

Summary

[none]

Details

In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13-next:0

Fixed

13-next:2022-09-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 407.0,
                "function_hash": "295972483992823207807516585320029458283"
            },
            "id": "ASB-A-208279300-7b603131",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java",
                "function": "recycle"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "316753909301305578740771338963451125640",
                    "86906117398184293737935705669161310446",
                    "289190745808397464931819942032085311598",
                    "134496265879813177300596224622561904500"
                ]
            },
            "id": "ASB-A-208279300-aca52d55",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"
    ],
    "spl": "2022-09-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10:0

Fixed

10:2022-09-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "190755855770731689962267435101096468959",
                    "86906117398184293737935705669161310446",
                    "212459028660422030325060857746225986007",
                    "181767102729186952030736973014346787129"
                ]
            },
            "id": "ASB-A-208279300-3c72f1f6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 331.0,
                "function_hash": "112903846374738674508434243132211659513"
            },
            "id": "ASB-A-208279300-d26c01b1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java",
                "function": "recycle"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"
    ],
    "spl": "2022-09-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2022-09-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 331.0,
                "function_hash": "112903846374738674508434243132211659513"
            },
            "id": "ASB-A-208279300-7fb5111a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java",
                "function": "recycle"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "190755855770731689962267435101096468959",
                    "86906117398184293737935705669161310446",
                    "212459028660422030325060857746225986007",
                    "181767102729186952030736973014346787129"
                ]
            },
            "id": "ASB-A-208279300-f0771b2f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"
    ],
    "spl": "2022-09-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2022-09-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 331.0,
                "function_hash": "112903846374738674508434243132211659513"
            },
            "id": "ASB-A-208279300-2231feec",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java",
                "function": "recycle"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "190755855770731689962267435101096468959",
                    "86906117398184293737935705669161310446",
                    "212459028660422030325060857746225986007",
                    "181767102729186952030736973014346787129"
                ]
            },
            "id": "ASB-A-208279300-dccf1c9b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"
    ],
    "spl": "2022-09-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2022-09-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "271829008703992931818398218078023132919",
                    "86906117398184293737935705669161310446",
                    "289190745808397464931819942032085311598",
                    "134496265879813177300596224622561904500"
                ]
            },
            "id": "ASB-A-208279300-3833ed4d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 407.0,
                "function_hash": "295972483992823207807516585320029458283"
            },
            "id": "ASB-A-208279300-78d30772",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/os/Parcel.java",
                "function": "recycle"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd"
    ],
    "spl": "2022-09-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}