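In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, a race condition makes it possible to overlay an app that believes it is still in the foreground when it is not. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. The JSON records that follow each name one fix commit, with severity High, type EoP and security patch level 2022-05-01; their signatures reference not only RootWindowContainer.java but also ActivityStack.java, Task.java and EnsureActivitiesVisibleHelper.java.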
{ "vanir_signatures": [ { "digest": { "length": 2676.0, "function_hash": "141023656693504568718303043045723289406" }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/f2d4787451c80b47e6af8ebf274394e2388b713b", "target": { "file": "services/core/java/com/android/server/wm/ActivityStack.java", "function": "ensureActivitiesVisibleLocked" }, "id": "ASB-A-211481342-488b7693", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "265567666363328009316766291779816785117", "53907332540680031066789214734310041765", "65749975123170630988475156044515974659", "277523685082576573188188491059977227145" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/f2d4787451c80b47e6af8ebf274394e2388b713b", "target": { "file": "services/core/java/com/android/server/wm/ActivityStack.java" }, "id": "ASB-A-211481342-dbedda50", "signature_type": "Line" } ], "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/f2d4787451c80b47e6af8ebf274394e2388b713b" ], "spl": "2022-05-01" }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "251112950739181405639966719234908206255", "83669682660985076877179443934336485651", "315377982696257541918893411816468620441", "259532594117829782290285516985244435434" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/43b8bcc01474bce480642acae2c554393c3bfb6a", "target": { "file": "services/core/java/com/android/server/wm/RootWindowContainer.java" }, "id": "ASB-A-211481342-02855573", "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "150466165244095880331522550719824410387", "187690494053581846233170596822695292917", "155980943428515301594614483815652663719" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/43b8bcc01474bce480642acae2c554393c3bfb6a", "target": { "file": "services/core/java/com/android/server/wm/Task.java" }, "id": "ASB-A-211481342-697cf09f", "signature_type": "Line" }, { "digest": { "length": 718.0, "function_hash": "284563491099057972038320679047225312710" }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/43b8bcc01474bce480642acae2c554393c3bfb6a", "target": { "file": "services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java", "function": "process" }, "id": "ASB-A-211481342-6d949530", "signature_type": "Function" }, { "digest": { "length": 635.0, "function_hash": "210439674102315913179200855426206322623" }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/43b8bcc01474bce480642acae2c554393c3bfb6a", "target": { "file": "services/core/java/com/android/server/wm/RootWindowContainer.java", "function": "startActivityForAttachedApplicationIfNeeded" }, "id": "ASB-A-211481342-b1719389", "signature_type": "Function" }, { "digest": { "threshold": 0.9, 
"line_hashes": [ "287968810090000373706026167669715480054", "267970613735514761875446138456093310150", "217113458273712800082966087131795558850", "21960701325133836270128712680213658964" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/43b8bcc01474bce480642acae2c554393c3bfb6a", "target": { "file": "services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java" }, "id": "ASB-A-211481342-eb2bc714", "signature_type": "Line" } ], "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/43b8bcc01474bce480642acae2c554393c3bfb6a" ], "spl": "2022-05-01" }
{ "vanir_signatures": [ { "digest": { "length": 678.0, "function_hash": "259500366982923429060362355301157258769" }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/51d287d831364cb158330e132cd11b4c596c04c2", "target": { "file": "services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java", "function": "process" }, "id": "ASB-A-211481342-1612283b", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "339002336518764212372267562421172478979", "139327470621948964742565192560023401228", "219767968608185639629613486298175019642" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/51d287d831364cb158330e132cd11b4c596c04c2", "target": { "file": "services/core/java/com/android/server/wm/Task.java" }, "id": "ASB-A-211481342-6e587282", "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "285143433293620240604462523766749455929", "119121214563797779689665127131405081972", "237614993053108767183977161468862875481", "104755375363707518414171263314196612123" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/51d287d831364cb158330e132cd11b4c596c04c2", "target": { "file": "services/core/java/com/android/server/wm/RootWindowContainer.java" }, "id": "ASB-A-211481342-c2d64180", "signature_type": "Line" }, { "digest": { "length": 658.0, "function_hash": "335988676261549886432472829490354396702" }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/51d287d831364cb158330e132cd11b4c596c04c2", "target": { "file": "services/core/java/com/android/server/wm/RootWindowContainer.java", "function": "startActivityForAttachedApplicationIfNeeded" }, "id": "ASB-A-211481342-f2ce4290", "signature_type": "Function" }, { "digest": { "threshold": 0.9, 
"line_hashes": [ "324305646528481143465660489160114735470", "253902656958495283332202878014858989385", "110433786231047149049700391455805439041", "293496982004747063844530705654266435028" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/51d287d831364cb158330e132cd11b4c596c04c2", "target": { "file": "services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java" }, "id": "ASB-A-211481342-fe99fe32", "signature_type": "Line" } ], "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/51d287d831364cb158330e132cd11b4c596c04c2" ], "spl": "2022-05-01" }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "134863443288720454686397081544873217185", "94859547814320681720412243322016240077", "290486241058988899393624720413955752687", "82352589247403428568488529382804937344" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/0a4f661ec6a18a0ddc47b6d9280a10b8d16c9457", "target": { "file": "services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java" }, "id": "ASB-A-211481342-2589d4ce", "signature_type": "Line" }, { "digest": { "length": 1647.0, "function_hash": "149877810031112576869864301943195675410" }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/0a4f661ec6a18a0ddc47b6d9280a10b8d16c9457", "target": { "file": "services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java", "function": "process" }, "id": "ASB-A-211481342-3291e7ec", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "285143433293620240604462523766749455929", "119121214563797779689665127131405081972", "237614993053108767183977161468862875481", "104755375363707518414171263314196612123" ] }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/0a4f661ec6a18a0ddc47b6d9280a10b8d16c9457", "target": { "file": "services/core/java/com/android/server/wm/RootWindowContainer.java" }, "id": "ASB-A-211481342-8aec288f", "signature_type": "Line" }, { "digest": { "length": 658.0, "function_hash": "335988676261549886432472829490354396702" }, "signature_version": "v1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/0a4f661ec6a18a0ddc47b6d9280a10b8d16c9457", "target": { "file": "services/core/java/com/android/server/wm/RootWindowContainer.java", "function": "startActivityForAttachedApplicationIfNeeded" }, "id": "ASB-A-211481342-ef26e9d0", 
"signature_type": "Function" } ], "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/0a4f661ec6a18a0ddc47b6d9280a10b8d16c9457" ], "spl": "2022-05-01" }