ASB-A-215003903
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-215003903.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-215003903
- Aliases
-
- A-215003903
- CVE-2022-20356
- Published
- 2022-08-01T00:00:00Z
- Modified
- 2026-04-30T15:48:46.890647Z
- Summary
- [none]
- Details
-
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-08-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"141936494101994435910609408495157456321",
"254285161234220043694179047609840989917",
"294217032209153822903983582602723288062",
"114669496521924656086088538563371127692",
"28024616308006341106976744842847987427",
"132599590917118019040485781019659441855",
"122949261054482915679161995712476699604",
"2141210285318930533601221656012838095",
"50021513281883459740062358831646004931"
],
"threshold": 0.9
},
"id": "ASB-A-215003903-89bf26fd",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/023509e4871c0dafb842dc812bfa62e8d59cbfae",
"target": {
"file": "services/core/java/com/android/server/am/ActiveServices.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 1246.0,
"function_hash": "147316198261685096379061978137664119284"
},
"id": "ASB-A-215003903-b2c1d615",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/023509e4871c0dafb842dc812bfa62e8d59cbfae",
"target": {
"file": "services/core/java/com/android/server/am/ActiveServices.java",
"function": "shouldAllowWhileInUsePermissionInFgsLocked"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/023509e4871c0dafb842dc812bfa62e8d59cbfae"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-08-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 1886.0,
"function_hash": "10144134792327162878797898150830193414"
},
"id": "ASB-A-215003903-200ce707",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/eef20391ce4d15d4508dc295cb338954a7c69de7",
"target": {
"file": "services/core/java/com/android/server/am/ActiveServices.java",
"function": "shouldAllowFgsWhileInUsePermissionLocked"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"299260667654334594643410106607925375679",
"272466948077187693167245472331509964857",
"129575487162808911263554416528590020154",
"334165868034975187755725054720244119975",
"160611083855957589510357465509023293701",
"134808848653476560137711870956353618342",
"44906403825218549378530239113478347453",
"105820695026477628508134818188457768511",
"32352918875873988651242560550162227561"
],
"threshold": 0.9
},
"id": "ASB-A-215003903-98f1d2ad",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/eef20391ce4d15d4508dc295cb338954a7c69de7",
"target": {
"file": "services/core/java/com/android/server/am/ActiveServices.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/eef20391ce4d15d4508dc295cb338954a7c69de7"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-08-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"299260667654334594643410106607925375679",
"272466948077187693167245472331509964857",
"129575487162808911263554416528590020154",
"334165868034975187755725054720244119975",
"160611083855957589510357465509023293701",
"134808848653476560137711870956353618342",
"44906403825218549378530239113478347453",
"105820695026477628508134818188457768511",
"32352918875873988651242560550162227561"
],
"threshold": 0.9
},
"id": "ASB-A-215003903-26bf66ff",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/b21cc11dd74ceb2da100bd243c33392d4dc2cb7d",
"target": {
"file": "services/core/java/com/android/server/am/ActiveServices.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 1886.0,
"function_hash": "10144134792327162878797898150830193414"
},
"id": "ASB-A-215003903-71d4f31a",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/b21cc11dd74ceb2da100bd243c33392d4dc2cb7d",
"target": {
"file": "services/core/java/com/android/server/am/ActiveServices.java",
"function": "shouldAllowFgsWhileInUsePermissionLocked"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b21cc11dd74ceb2da100bd243c33392d4dc2cb7d"
]
}