ASB-A-238377411
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-238377411.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-238377411
- Aliases
-
- A-238377411
- CVE-2022-20420
- Published
- 2022-10-01T00:00:00Z
- Modified
- 2026-04-30T15:48:46.890647Z
- Summary
- [none]
- Details
-
In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-10-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 2215.0,
"function_hash": "81851832787058760284793457627546280792"
},
"id": "ASB-A-238377411-00e006fe",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0",
"target": {
"file": "services/core/java/com/android/server/am/AppRestrictionController.java",
"function": "getBackgroundRestrictionExemptionReason"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"338084814463838692865463276062272481269",
"204095983282894935881441189197943072724",
"111208491350462862960277179470679895697",
"163064010969996349495530247851842396655",
"16839510854669803563955315361634610793",
"1786610215237782535962533169394715750",
"334398862494929584959105449151793775680",
"330533647503340784153069115043786205902",
"143485974629224183528668425378540623940",
"26926396955253309710027627514622503319",
"273745746621807355187035804840176057909",
"305889137737588596988465704815320506336",
"134194250848175375095003306340074806879",
"194957543535939216182745666166217578049",
"26422771808357216473777961746329713413",
"265669218276827631057056749515506381182",
"76606515071439434307528638013225843903",
"288517370563388251142327358930969033659",
"130344593426080827019006436581711947077",
"186682583954881249989830317938655312716",
"225415400739484179376797177558147078077",
"51695108914376855781955835012299425394",
"150871703979736768091563171795087467328",
"191061473204025477134646219421376372468",
"21290638900906506377241001768891280698",
"186369197693698899165612098672542311067",
"574410352114663538138448114640889277",
"114051027259629430124426829744691013693",
"283453390914155909792195628521054937976",
"243016695195401865758899327290423773863",
"235135641989946274393347545803689135166",
"52733613119433308264821384417685192222",
"119872224072732039667693289869059257275",
"95863338367342909469211096695945675284"
],
"threshold": 0.9
},
"id": "ASB-A-238377411-9a5ec86e",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0",
"target": {
"file": "services/core/java/com/android/server/am/AppRestrictionController.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0"
]
}