ASB-A-212467440

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-212467440.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-212467440
Aliases
  • A-212467440
  • CVE-2022-20116
Published
2022-05-01T00:00:00Z
Modified
2026-07-02T16:52:13.655137360Z
Summary
[none]
Details

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-05-01

Affected versions

Other
12

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b029b005d8d4122d29cffc86b752fce13b1d4da6"
    ],
    "spl": "2022-05-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-212467440.json"