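In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Each JSON record that follows names one fix commit for this issue, together with its severity, security patch level ("spl") and the Vanir signatures derived from that commit.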
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2"
],
"severity": "High",
"spl": "2022-05-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-219044664-1a69041b",
"digest": {
"length": 6954.0,
"function_hash": "231990516022432859515481353455776451874"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "validateApkInstallLocked"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-219044664-837b635c",
"digest": {
"line_hashes": [
"180540424809410108203819155674178703077",
"310192941804949544849809573407891877990",
"119835757437939988808744406930910971941",
"70541103374231375402887502243412630152",
"33594561195262327339142717655851560430",
"155927009038804990930832153736923090981",
"250405756640230757845653727125355385240",
"203884490892640686155713902095510326404",
"99683244548145421579673942579196578890",
"240835686705695241023296524170794580937",
"250527447965076997283029578436906981614",
"117468068627482448288391961128067969669"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
}
}
],
"types": [
"EoP"
]
}
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096"
],
"severity": "High",
"spl": "2022-05-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-219044664-8b7c1747",
"digest": {
"line_hashes": [
"180540424809410108203819155674178703077",
"310192941804949544849809573407891877990",
"119835757437939988808744406930910971941",
"70541103374231375402887502243412630152",
"33594561195262327339142717655851560430",
"155927009038804990930832153736923090981",
"250405756640230757845653727125355385240",
"203884490892640686155713902095510326404",
"99683244548145421579673942579196578890",
"30731540922810736168728098478051819998",
"234229738927911877615018910976101797115",
"247795310976460709509992912805621675362"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-219044664-f8cfcde2",
"digest": {
"length": 7728.0,
"function_hash": "182370216373814584356638447485313003128"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "validateApkInstallLocked"
}
}
],
"types": [
"EoP"
]
}
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824"
],
"severity": "High",
"spl": "2022-05-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-219044664-71a43813",
"digest": {
"line_hashes": [
"126649318037345343753490697120452954107",
"194773562856015092151238496551787168544",
"232480445117399624084228075804858210752",
"70541103374231375402887502243412630152",
"171320219436343288127093230170613975268",
"241106788494647486170183478616371241689",
"286485087625539031559168727923564794757",
"119023713081308280265343167240695200326",
"99683244548145421579673942579196578890",
"30731540922810736168728098478051819998",
"234229738927911877615018910976101797115",
"247795310976460709509992912805621675362"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-219044664-81a2541b",
"digest": {
"length": 8530.0,
"function_hash": "208139483470825842445175165543268099324"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "validateApkInstallLocked"
}
}
],
"types": [
"EoP"
]
}
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498"
],
"severity": "High",
"spl": "2022-05-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-219044664-5262c664",
"digest": {
"length": 8530.0,
"function_hash": "208139483470825842445175165543268099324"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "validateApkInstallLocked"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-219044664-967ee436",
"digest": {
"line_hashes": [
"126649318037345343753490697120452954107",
"194773562856015092151238496551787168544",
"232480445117399624084228075804858210752",
"70541103374231375402887502243412630152",
"171320219436343288127093230170613975268",
"241106788494647486170183478616371241689",
"286485087625539031559168727923564794757",
"119023713081308280265343167240695200326",
"99683244548145421579673942579196578890",
"30731540922810736168728098478051819998",
"234229738927911877615018910976101797115",
"247795310976460709509992912805621675362"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
}
}
],
"types": [
"EoP"
]
}