ASB-A-213323615
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-213323615.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-213323615
- Aliases
-
- A-213323615
- CVE-2022-20392
- Published
- 2022-09-01T00:00:00Z
- Modified
- 2026-04-30T15:48:46.890647Z
- Summary
- [none]
- Details
-
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-09-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 2309.0,
"function_hash": "222477290850616987492039786133937418277"
},
"id": "ASB-A-213323615-65bfc3f8",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061",
"target": {
"file": "services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java",
"function": "parseBaseApkTags"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"171954828546494665638449620237007476146",
"138230328125735189702551647118258522300",
"66911870150652868372762664757020976034",
"126544075330880814485597373368838234029",
"161955626396984310422053415133790104868",
"44224016879351917650399198346077428727",
"258711060345342370887990952933405685337",
"317197493576894256207066853499986172570",
"246463573195658993781943180954645172040",
"145317144895435869522785638478994222335",
"178436679841938312293330076258015284872",
"118113043254339526114670024925213760415",
"184619219455531940373010508355025659920",
"93343326006408052363045059849964387748",
"325322957684507868993071065258824276295",
"286047412350252109457618375108665998574"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-865932be",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061",
"target": {
"file": "services/core/java/com/android/server/pm/pkg/component/ParsedPermissionUtils.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"117734366611283682658654943499471071695",
"276769917539867857987563833180772071061",
"45281106013445078395372620220823851808",
"174605364919204227151076438204749758300"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-d81e6f7d",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061",
"target": {
"file": "services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 557.0,
"function_hash": "112977023920727231037731816425652706666"
},
"id": "ASB-A-213323615-f4997800",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061",
"target": {
"file": "services/core/java/com/android/server/pm/pkg/component/ParsedPermissionUtils.java",
"function": "declareDuplicatePermission"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/45b23196772a4fe8875f2ca6514208fe368c2cd5",
"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-09-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"188699400104044092819147146443519659988",
"293801403865878645900028306423536692043",
"293689986215439404709957682108036202438",
"85561819563484648053084880425161231140",
"231088565817113626913859475956546366049",
"127723794484949765253308390424340886076",
"289813876127781859409162812311882125720",
"277580085141545940257826528018572104067",
"200837008128332139592711974640783398098",
"255760948579642866354411139308896485145",
"279983292969872000786696812348496587372",
"111185961665560459476792883498641861581",
"87763767637835835745134353284850099186",
"7767745543790808411011488352182659809"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-825c11bd",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a",
"target": {
"file": "core/java/android/content/pm/PackageParser.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 17224.0,
"function_hash": "221683797801226663888042917378851067973"
},
"id": "ASB-A-213323615-f8466737",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a",
"target": {
"file": "core/java/android/content/pm/PackageParser.java",
"function": "parseBaseApkCommon"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/50d343c656921ba9c730c68b7a41de6b15f57f03",
"https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-09-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"305401523789499478827361557217961658045",
"102413550799631146447224294227010522080",
"87971491308847713561417604219896459843",
"113131329508990271118021391579675679397",
"179195736965089138526883985577918343094",
"55405762641005904618620824843357796760",
"92535241445486926952776061151884044920",
"197367873607234268646028747359521864696",
"337123267244188402432015517011801665134",
"162975221799299857987152505544839104588"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-572ab99e",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d",
"target": {
"file": "core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2188.0,
"function_hash": "280932360100611518604172093024776033945"
},
"id": "ASB-A-213323615-c7f8efd9",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d",
"target": {
"file": "core/java/android/content/pm/parsing/ParsingPackageUtils.java",
"function": "parseBaseApkTags"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"4852701972688570944352678454668752570",
"249479494306241659973766196730396190843",
"329987915965942833107201356462141170304",
"33120293543104832175888766753343462142",
"47371257511090445633612852528199684994",
"28328073654286549053901239839352771712",
"112621608431384631126549263526452059074"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-fd3c0cf0",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d",
"target": {
"file": "core/java/android/content/pm/parsing/ParsingPackageUtils.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/bbe2a118277d9b225a272c53e509fdeb2fe0a993",
"https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-09-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"238174133896978183187111184948420411824",
"102413550799631146447224294227010522080",
"87971491308847713561417604219896459843",
"113669925240391797581799984901176333066",
"194260612185699153829775252896703736038",
"239380133730887134163356706748051582986",
"66072770650890385991639424402343216567",
"247359269890610958875662004948764016911",
"337123267244188402432015517011801665134",
"162975221799299857987152505544839104588"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-9bd5b0e9",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d",
"target": {
"file": "core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"215224564606111572183109105517834768236",
"103717906963742723714051349868307315925",
"329987915965942833107201356462141170304",
"33120293543104832175888766753343462142",
"118249337739705624783597869770329249557",
"28328073654286549053901239839352771712",
"112621608431384631126549263526452059074"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-a916a71b",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d",
"target": {
"file": "core/java/android/content/pm/parsing/ParsingPackageUtils.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2112.0,
"function_hash": "73688360684607996266791569226529616467"
},
"id": "ASB-A-213323615-f4a8df9d",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d",
"target": {
"file": "core/java/android/content/pm/parsing/ParsingPackageUtils.java",
"function": "parseBaseApkTags"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/dfeea39dbc61ea9884e7e017335cbdf4942fa181",
"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-09-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"215224564606111572183109105517834768236",
"103717906963742723714051349868307315925",
"329987915965942833107201356462141170304",
"33120293543104832175888766753343462142",
"118249337739705624783597869770329249557",
"28328073654286549053901239839352771712",
"112621608431384631126549263526452059074"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-1113719f",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d",
"target": {
"file": "core/java/android/content/pm/parsing/ParsingPackageUtils.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"238174133896978183187111184948420411824",
"102413550799631146447224294227010522080",
"87971491308847713561417604219896459843",
"113669925240391797581799984901176333066",
"194260612185699153829775252896703736038",
"239380133730887134163356706748051582986",
"66072770650890385991639424402343216567",
"247359269890610958875662004948764016911",
"337123267244188402432015517011801665134",
"162975221799299857987152505544839104588"
],
"threshold": 0.9
},
"id": "ASB-A-213323615-177f36d1",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d",
"target": {
"file": "core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2112.0,
"function_hash": "73688360684607996266791569226529616467"
},
"id": "ASB-A-213323615-9aa388d8",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d",
"target": {
"file": "core/java/android/content/pm/parsing/ParsingPackageUtils.java",
"function": "parseBaseApkTags"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/dfeea39dbc61ea9884e7e017335cbdf4942fa181",
"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d"
]
}