ASB-A-237290578
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-237290578.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-237290578
- Aliases
-
- A-237290578
- CVE-2022-20419
- Published
- 2022-10-01T00:00:00Z
- Modified
- 2026-05-01T15:24:27.653932Z
- Summary
- [none]
- Details
-
In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c"
],
"severity": "Critical",
"spl": "2022-10-01",
"vanir_signatures": [
{
"deprecated": false,
"match_only_versions": [
"12L"
],
"signature_version": "v1",
"digest": {
"length": 216.0,
"function_hash": "205398171342732717523701527669719181976"
},
"id": "ASB-A-237290578-4bb14851",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityRecord.java",
"function": "takeOptions"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-237290578-5662a94a",
"digest": {
"line_hashes": [
"141409068137822364776637404179214809909",
"141646122292666747827102773057754006353",
"115214146352062741294180703043020714224"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c",
"signature_type": "Line",
"target": {
"file": "core/java/android/app/ActivityOptions.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-237290578-932d0bef",
"digest": {
"line_hashes": [
"123932784371985051459924424380706729449",
"197535680874352624395498706667897197889",
"238119913619143259649442240135204435966",
"8093508599898817594190718849734633838",
"144138795246327357023218240210182545717",
"272064731781995071156461217388638949151"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityRecord.java"
}
}
],
"types": [
"ID"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c"
],
"severity": "Critical",
"spl": "2022-10-01",
"vanir_signatures": [
{
"deprecated": false,
"match_only_versions": [
"13"
],
"signature_version": "v1",
"digest": {
"length": 216.0,
"function_hash": "205398171342732717523701527669719181976"
},
"id": "ASB-A-237290578-a2a9c6a1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityRecord.java",
"function": "takeOptions"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-237290578-b9a6b660",
"digest": {
"line_hashes": [
"141409068137822364776637404179214809909",
"141646122292666747827102773057754006353",
"115214146352062741294180703043020714224"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c",
"signature_type": "Line",
"target": {
"file": "core/java/android/app/ActivityOptions.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-237290578-d9d373b9",
"digest": {
"line_hashes": [
"123932784371985051459924424380706729449",
"197535680874352624395498706667897197889",
"238119913619143259649442240135204435966",
"8093508599898817594190718849734633838",
"144138795246327357023218240210182545717",
"272064731781995071156461217388638949151"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityRecord.java"
}
}
],
"types": [
"ID"
]
}