ASB-A-209438553

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-209438553.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-209438553

Aliases

A-209438553
CVE-2022-20128

Published

2022-06-01T00:00:00Z

Modified

2026-04-08T15:00:25.631816Z

Summary

[none]

Details

In finishLsImpl of filesyncclient.cpp, there is a possible way to access host's files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/2022-06-01

Affected packages

Android

platform/packages/modules/adb

Package

Name: platform/packages/modules/adb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L-next:0

Fixed

12L-next:2022-06-01

Affected versions

Other

12L-next

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/adb/+/f37fe345c4228613b469c60c38f20a70f872f5ee"
    ],
    "spl": "2022-06-01",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "target": {
                "file": "client/file_sync_client.cpp"
            },
            "digest": {
                "line_hashes": [
                    "43519373372291504482562303623277054671",
                    "42513674874629715087525008961002588244",
                    "84805982387859587886263524482656592733",
                    "239497260391627227463620907319770989128"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/f37fe345c4228613b469c60c38f20a70f872f5ee",
            "signature_version": "v1",
            "id": "ASB-A-209438553-21862090"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"

platform/system/core

Package

Name: platform/system/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10:0

Fixed

10:2022-06-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/system/core/+/a36a342ec9721240e5a48ca50e833b9a35bef256"
    ],
    "spl": "2022-06-01",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "target": {
                "file": "adb/client/file_sync_client.cpp"
            },
            "digest": {
                "line_hashes": [
                    "80711276962557826394725161866216873168",
                    "60157816196309642791138344526668250644",
                    "92840156897427934868406618536527873566"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/system/core/+/a36a342ec9721240e5a48ca50e833b9a35bef256",
            "signature_version": "v1",
            "id": "ASB-A-209438553-6c17ddca"
        },
        {
            "target": {
                "function": "sync_ls",
                "file": "adb/client/file_sync_client.cpp"
            },
            "digest": {
                "function_hash": "157008758856141494333839260213242044136",
                "length": 613.0
            },
            "signature_type": "Function",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/system/core/+/a36a342ec9721240e5a48ca50e833b9a35bef256",
            "signature_version": "v1",
            "id": "ASB-A-209438553-89adb8fb"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"

platform/system/core

Package

Name: platform/system/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2022-06-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/system/core/+/c3483e4c8a302e7852e0a334ffa90089337520ec"
    ],
    "spl": "2022-06-01",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "target": {
                "file": "adb/client/file_sync_client.cpp"
            },
            "digest": {
                "line_hashes": [
                    "311354455375036835439664639259146075983",
                    "320432990438448769653751063304718429671",
                    "193387877107222459009426779786812663766"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/system/core/+/c3483e4c8a302e7852e0a334ffa90089337520ec",
            "signature_version": "v1",
            "id": "ASB-A-209438553-9f313bf4"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"

platform/packages/modules/adb

Package

Name: platform/packages/modules/adb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2022-06-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/adb/+/b5ad48db08e2087310ffd31580020eb923fe12af"
    ],
    "spl": "2022-06-01",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "target": {
                "file": "client/file_sync_client.cpp"
            },
            "digest": {
                "line_hashes": [
                    "311354455375036835439664639259146075983",
                    "320432990438448769653751063304718429671",
                    "193387877107222459009426779786812663766"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/b5ad48db08e2087310ffd31580020eb923fe12af",
            "signature_version": "v1",
            "id": "ASB-A-209438553-d8133123"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"

platform/packages/modules/adb

Package

Name: platform/packages/modules/adb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2022-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/adb/+/9a5ee7d573e51f58153a857dac48eda4e285beda"
    ],
    "spl": "2022-06-01",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "target": {
                "file": "client/file_sync_client.cpp"
            },
            "digest": {
                "line_hashes": [
                    "311354455375036835439664639259146075983",
                    "320432990438448769653751063304718429671",
                    "193387877107222459009426779786812663766"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/9a5ee7d573e51f58153a857dac48eda4e285beda",
            "signature_version": "v1",
            "id": "ASB-A-209438553-af0223f9"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"