ASB-A-234013191
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-234013191.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-234013191
- Aliases
-
- A-234013191
- CVE-2022-20470
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2026-06-16T15:04:57.126039127Z
- Summary
- [none]
- Details
-
In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"
],
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011",
"digest": {
"line_hashes": [
"301939499715474086686814466129782162595",
"338666126514144047379684270714637681856",
"237068998572706870373509846032853599867",
"253068636425074951647775241125817726292",
"81309442384179410729868758149480836056",
"149351765488031146942561662630386098070",
"258822827992832751568478612410852030246",
"1472386385560218029928473278780656262"
],
"threshold": 0.9
},
"id": "ASB-A-234013191-60122e66",
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java",
"function": "bindRemoteViewsService"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011",
"signature_version": "v1",
"digest": {
"function_hash": "208609670895234307832493313701423419039",
"length": 1287.0
},
"id": "ASB-A-234013191-eb2953dc",
"signature_type": "Function"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"
],
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011",
"digest": {
"line_hashes": [
"301939499715474086686814466129782162595",
"338666126514144047379684270714637681856",
"237068998572706870373509846032853599867",
"253068636425074951647775241125817726292",
"81309442384179410729868758149480836056",
"149351765488031146942561662630386098070",
"258822827992832751568478612410852030246",
"1472386385560218029928473278780656262"
],
"threshold": 0.9
},
"id": "ASB-A-234013191-8788b533",
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java",
"function": "bindRemoteViewsService"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011",
"digest": {
"function_hash": "208609670895234307832493313701423419039",
"length": 1287.0
},
"id": "ASB-A-234013191-efe3eff5"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"
],
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java",
"function": "bindRemoteViewsService"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011",
"digest": {
"function_hash": "208609670895234307832493313701423419039",
"length": 1287.0
},
"id": "ASB-A-234013191-165e71a1",
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"301939499715474086686814466129782162595",
"338666126514144047379684270714637681856",
"237068998572706870373509846032853599867",
"253068636425074951647775241125817726292",
"81309442384179410729868758149480836056",
"149351765488031146942561662630386098070",
"258822827992832751568478612410852030246",
"1472386385560218029928473278780656262"
],
"threshold": 0.9
},
"id": "ASB-A-234013191-a619de18",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"
],
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java",
"function": "bindRemoteViewsService"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011",
"digest": {
"function_hash": "208609670895234307832493313701423419039",
"length": 1287.0
},
"id": "ASB-A-234013191-ad3fa7e5"
},
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011",
"signature_version": "v1",
"digest": {
"line_hashes": [
"301939499715474086686814466129782162595",
"338666126514144047379684270714637681856",
"237068998572706870373509846032853599867",
"253068636425074951647775241125817726292",
"81309442384179410729868758149480836056",
"149351765488031146942561662630386098070",
"258822827992832751568478612410852030246",
"1472386385560218029928473278780656262"
],
"threshold": 0.9
},
"id": "ASB-A-234013191-bbad910f",
"signature_type": "Line"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"
],
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011",
"signature_version": "v1",
"digest": {
"line_hashes": [
"301939499715474086686814466129782162595",
"338666126514144047379684270714637681856",
"237068998572706870373509846032853599867",
"253068636425074951647775241125817726292",
"81309442384179410729868758149480836056",
"149351765488031146942561662630386098070",
"258822827992832751568478612410852030246",
"1472386385560218029928473278780656262"
],
"threshold": 0.9
},
"id": "ASB-A-234013191-a214aa4c",
"signature_type": "Line"
},
{
"deprecated": false,
"target": {
"file": "services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java",
"function": "bindRemoteViewsService"
},
"signature_type": "Function",
"digest": {
"function_hash": "208609670895234307832493313701423419039",
"length": 1287.0
},
"id": "ASB-A-234013191-c0a2b185",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"
}
]
}