ASB-A-210065877
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-210065877.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-210065877
- Aliases
-
- A-210065877
- CVE-2022-20450
- Published
- 2022-11-01T00:00:00Z
- Modified
- 2026-04-30T15:48:46.890647Z
- Summary
- [none]
- Details
-
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 10816.0,
"function_hash": "313395618697061706143828738755605122814"
},
"id": "ASB-A-210065877-7f44be55",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f11f26c0121152ffa5c8493ebbedb9fd369ec6c4",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
"function": "restorePermissionState"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"70337220111095111239554531117300270560",
"37680386246374956347998185350697731801",
"194092347827170068529915649080525668756",
"37904075820297233052904941461534405475"
],
"threshold": 0.9
},
"id": "ASB-A-210065877-82e03571",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f11f26c0121152ffa5c8493ebbedb9fd369ec6c4",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"192329061750754579635130939936978434760",
"180845804502122717465318985068976461465",
"177498258042140996260575903969205252874",
"157672850619058297516428766977646296191",
"49957728695482223994996026688992799860",
"155700006602593996535553090055359115192",
"189503656619447869696913099614599607398",
"332805842555046017036491288664338011557",
"52131025358373768466184263356344105817",
"138745309758142223385199693376003711444",
"291971255444764233347146488762018284859",
"349162356191215844468090734286535060",
"163690546655641809481703346611962914311",
"173906844637934707168991241424116221235",
"171342722970669750398215088449046445017",
"293841873522683363379165884003241045615",
"156316419184537633419863264451999548929",
"198141498415930033094452607809662987630",
"60549211253879352751947260189873568675",
"191085721430628901071938960134422239855",
"236732265184660035366467935863000898408",
"75407180318704451699303769443305508093"
],
"threshold": 0.9
},
"id": "ASB-A-210065877-b9c7d2ac",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f11f26c0121152ffa5c8493ebbedb9fd369ec6c4",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"140733965518960597410749120412513228337",
"133000066657174067784792790976086256649"
],
"threshold": 0.9
},
"id": "ASB-A-210065877-d5ede725",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f11f26c0121152ffa5c8493ebbedb9fd369ec6c4",
"target": {
"file": "services/core/java/android/content/pm/PackageManagerInternal.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f11f26c0121152ffa5c8493ebbedb9fd369ec6c4"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"204068925692065732622297449105718764950",
"189002681868105969675858536182292719692",
"27119499515421481643088173525291392512",
"309020344221767103913966043106851831373",
"94532263032810138178452766913210053001",
"145770841673157355582929213949103756484",
"121858566232927313939010965935187168921",
"177498258042140996260575903969205252874",
"157672850619058297516428766977646296191",
"122586252879616957845736246789726967874",
"49295243026898906572170636147125349825",
"140287879494077765913243099683714685357",
"338583801412692770865376243698492200826",
"312154753232476171165435569596566928389",
"251327487216216132552046834505879001760",
"272786978245618890801536400053749027092",
"16755325034230407185356123000104119490",
"266325398593348129313837249785764061006",
"81183483232826653128425546244167158126",
"89583781141578730997026421727059260226",
"137025581340638661145686941050757022756",
"247875880308441436746754417505263827341",
"107383290604112603127335460872191143314",
"259745650538462562304317647837850807378",
"110635991185879868564817031942272871690",
"81522928803926506048863656976925063374",
"233020365937013684941229783684964983097",
"68476467424128480975241919625541521298",
"52764643450515969104304985049234796646",
"62950841911947415746268478580969992406",
"236732265184660035366467935863000898408",
"75407180318704451699303769443305508093",
"108587633537507210242609878158511307392",
"223346374230332314202607025582642319083",
"25769565521317829918966238158725570349",
"35018291119125253438113329575662430308",
"51657818545401116001910514239752911792",
"277889238348594391941544173186934120630",
"212104117500095294343351554471806212485",
"256620539703273529247375758003833936612"
],
"threshold": 0.9
},
"id": "ASB-A-210065877-0d418034",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/23aac9cb8eb4545a79bafef3c14864e0aa59e228",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 8765.0,
"function_hash": "122957904428876774460389341088842378663"
},
"id": "ASB-A-210065877-fe0a9f79",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/23aac9cb8eb4545a79bafef3c14864e0aa59e228",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
"function": "restorePermissionState"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/23aac9cb8eb4545a79bafef3c14864e0aa59e228"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 8765.0,
"function_hash": "122957904428876774460389341088842378663"
},
"id": "ASB-A-210065877-5d9ce940",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/dd48aab843ff7b19fa5fbde987d84b76c92922f2",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
"function": "restorePermissionState"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"204068925692065732622297449105718764950",
"189002681868105969675858536182292719692",
"27119499515421481643088173525291392512",
"309020344221767103913966043106851831373",
"94532263032810138178452766913210053001",
"145770841673157355582929213949103756484",
"121858566232927313939010965935187168921",
"177498258042140996260575903969205252874",
"157672850619058297516428766977646296191",
"122586252879616957845736246789726967874",
"49295243026898906572170636147125349825",
"140287879494077765913243099683714685357",
"338583801412692770865376243698492200826",
"312154753232476171165435569596566928389",
"251327487216216132552046834505879001760",
"272786978245618890801536400053749027092",
"16755325034230407185356123000104119490",
"266325398593348129313837249785764061006",
"81183483232826653128425546244167158126",
"89583781141578730997026421727059260226",
"137025581340638661145686941050757022756",
"247875880308441436746754417505263827341",
"107383290604112603127335460872191143314",
"259745650538462562304317647837850807378",
"110635991185879868564817031942272871690",
"81522928803926506048863656976925063374",
"233020365937013684941229783684964983097",
"68476467424128480975241919625541521298",
"52764643450515969104304985049234796646",
"62950841911947415746268478580969992406",
"236732265184660035366467935863000898408",
"75407180318704451699303769443305508093",
"108587633537507210242609878158511307392",
"223346374230332314202607025582642319083",
"25769565521317829918966238158725570349",
"35018291119125253438113329575662430308",
"51657818545401116001910514239752911792",
"277889238348594391941544173186934120630",
"212104117500095294343351554471806212485",
"256620539703273529247375758003833936612"
],
"threshold": 0.9
},
"id": "ASB-A-210065877-90f2fda1",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/dd48aab843ff7b19fa5fbde987d84b76c92922f2",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/dd48aab843ff7b19fa5fbde987d84b76c92922f2"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"204068925692065732622297449105718764950",
"189002681868105969675858536182292719692",
"27119499515421481643088173525291392512",
"309020344221767103913966043106851831373",
"94532263032810138178452766913210053001",
"145770841673157355582929213949103756484",
"121858566232927313939010965935187168921",
"177498258042140996260575903969205252874",
"157672850619058297516428766977646296191",
"122586252879616957845736246789726967874",
"49295243026898906572170636147125349825",
"140287879494077765913243099683714685357",
"338583801412692770865376243698492200826",
"312154753232476171165435569596566928389",
"251327487216216132552046834505879001760",
"272786978245618890801536400053749027092",
"16755325034230407185356123000104119490",
"266325398593348129313837249785764061006",
"81183483232826653128425546244167158126",
"89583781141578730997026421727059260226",
"137025581340638661145686941050757022756",
"247875880308441436746754417505263827341",
"107383290604112603127335460872191143314",
"259745650538462562304317647837850807378",
"110635991185879868564817031942272871690",
"81522928803926506048863656976925063374",
"233020365937013684941229783684964983097",
"68476467424128480975241919625541521298",
"52764643450515969104304985049234796646",
"62950841911947415746268478580969992406",
"236732265184660035366467935863000898408",
"75407180318704451699303769443305508093",
"108587633537507210242609878158511307392",
"223346374230332314202607025582642319083",
"25769565521317829918966238158725570349",
"35018291119125253438113329575662430308",
"51657818545401116001910514239752911792",
"277889238348594391941544173186934120630",
"212104117500095294343351554471806212485",
"256620539703273529247375758003833936612"
],
"threshold": 0.9
},
"id": "ASB-A-210065877-1e2ada85",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/41dc761e081d8c6de48ddc3b960e12e4fd24c8b7",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 9214.0,
"function_hash": "49249527759310573510656247232703678512"
},
"id": "ASB-A-210065877-7f63d209",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/41dc761e081d8c6de48ddc3b960e12e4fd24c8b7",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java",
"function": "restorePermissionState"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/41dc761e081d8c6de48ddc3b960e12e4fd24c8b7"
]
}