ASB-A-238605611
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-238605611.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-238605611
- Aliases
-
- A-238605611
- CVE-2022-20441
- Published
- 2022-11-01T00:00:00Z
- Modified
- 2026-04-30T15:48:46.890647Z
- Summary
- [none]
- Details
-
In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"133686240502154279773786091537619108093",
"127422999342910536179245695135013393407",
"67300099388067396301101616012652645851",
"163337302695678712309673231316935163919"
],
"threshold": 0.9
},
"id": "ASB-A-238605611-3c102533",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/b9a934064598aa655fab4ce75c8eab6165409670",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityStack.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2419.0,
"function_hash": "141808979057367176623854081047563148082"
},
"id": "ASB-A-238605611-9d53ae64",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/b9a934064598aa655fab4ce75c8eab6165409670",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityStack.java",
"function": "navigateUpToLocked"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b9a934064598aa655fab4ce75c8eab6165409670"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 2639.0,
"function_hash": "163152809231710033579916402524672977404"
},
"id": "ASB-A-238605611-91108326",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/834812c423f10deb95953d41a7007d4cba78f1ec",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityStack.java",
"function": "navigateUpTo"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"296617296869850907267513721048240912212",
"263685780514689924530157676118455628991",
"184954184224360563554526753095394000592",
"274708570523028382735820840000386689045"
],
"threshold": 0.9
},
"id": "ASB-A-238605611-9b024acd",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/834812c423f10deb95953d41a7007d4cba78f1ec",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityStack.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/834812c423f10deb95953d41a7007d4cba78f1ec"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"296617296869850907267513721048240912212",
"263685780514689924530157676118455628991",
"184954184224360563554526753095394000592",
"274708570523028382735820840000386689045"
],
"threshold": 0.9
},
"id": "ASB-A-238605611-0ce50a76",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/89ebc8c43f7d2aeaee4fdcf667f07aa98404981d",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2639.0,
"function_hash": "163152809231710033579916402524672977404"
},
"id": "ASB-A-238605611-f2e80d05",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/89ebc8c43f7d2aeaee4fdcf667f07aa98404981d",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "navigateUpTo"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/89ebc8c43f7d2aeaee4fdcf667f07aa98404981d"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"296617296869850907267513721048240912212",
"263685780514689924530157676118455628991",
"184954184224360563554526753095394000592",
"274708570523028382735820840000386689045"
],
"threshold": 0.9
},
"id": "ASB-A-238605611-23f76833",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/89ebc8c43f7d2aeaee4fdcf667f07aa98404981d",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2639.0,
"function_hash": "163152809231710033579916402524672977404"
},
"id": "ASB-A-238605611-b8dfb5b3",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/89ebc8c43f7d2aeaee4fdcf667f07aa98404981d",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "navigateUpTo"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/89ebc8c43f7d2aeaee4fdcf667f07aa98404981d"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "High",
"spl": "2022-11-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"296617296869850907267513721048240912212",
"263685780514689924530157676118455628991",
"184954184224360563554526753095394000592",
"274708570523028382735820840000386689045"
],
"threshold": 0.9
},
"id": "ASB-A-238605611-4db27a7c",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/4c355690494f17c8ebdecbc8b1a1eaef21ffc0f3",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2633.0,
"function_hash": "253823414916555359442814760992698480359"
},
"id": "ASB-A-238605611-70327b87",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/4c355690494f17c8ebdecbc8b1a1eaef21ffc0f3",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "navigateUpTo"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/4c355690494f17c8ebdecbc8b1a1eaef21ffc0f3"
]
}