ASB-A-240138294
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-240138294.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-240138294
- Aliases
-
- A-240138294
- CVE-2022-20474
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2026-05-01T15:24:27.653932Z
- Summary
- [none]
- Details
-
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82"
],
"severity": "High",
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-00727c86",
"digest": {
"length": 2612.0,
"function_hash": "220950197671026908620116892012269337281"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-083f2460",
"digest": {
"line_hashes": [
"65744354714521746236409576191947554438",
"336100995050413396604471046648600747849",
"46174948320726816946394223971298634080",
"204359576054625082268789891801367566762",
"208991286625372726279956857582409591002",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"131094452132685235150002717794774811759",
"218046355958882751674254932052378610608",
"202670327038763020310835509548705256826",
"319808544072902901818988794735872465308",
"294963086035200924983677506496592561929",
"266889227588429636352149285826247001618",
"287536587174859972781888474519565795358",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-48619685",
"digest": {
"length": 2210.0,
"function_hash": "283194143277269717748301748310619667576"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-70c5336a",
"digest": {
"length": 1604.0,
"function_hash": "156948064075838632746183658421607701443"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-aa21fefb",
"digest": {
"length": 1167.0,
"function_hash": "38370320216997995420236719490943001759"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "checkKeyIntent"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-f0320297",
"digest": {
"length": 5385.0,
"function_hash": "106863402836542716138093788315930033614"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "getAuthToken"
}
}
],
"types": [
"EoP"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82"
],
"severity": "High",
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-139dbec5",
"digest": {
"length": 5385.0,
"function_hash": "106863402836542716138093788315930033614"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "getAuthToken"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-1436e0f9",
"digest": {
"length": 1167.0,
"function_hash": "38370320216997995420236719490943001759"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "checkKeyIntent"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-1732870c",
"digest": {
"length": 1604.0,
"function_hash": "156948064075838632746183658421607701443"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-2b210912",
"digest": {
"length": 2612.0,
"function_hash": "220950197671026908620116892012269337281"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-7fbdde97",
"digest": {
"length": 2210.0,
"function_hash": "283194143277269717748301748310619667576"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-b3500800",
"digest": {
"line_hashes": [
"65744354714521746236409576191947554438",
"336100995050413396604471046648600747849",
"46174948320726816946394223971298634080",
"204359576054625082268789891801367566762",
"208991286625372726279956857582409591002",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"131094452132685235150002717794774811759",
"218046355958882751674254932052378610608",
"202670327038763020310835509548705256826",
"319808544072902901818988794735872465308",
"294963086035200924983677506496592561929",
"266889227588429636352149285826247001618",
"287536587174859972781888474519565795358",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
}
}
],
"types": [
"EoP"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82"
],
"severity": "High",
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-0bab2a56",
"digest": {
"length": 2210.0,
"function_hash": "283194143277269717748301748310619667576"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-0ce8adbc",
"digest": {
"length": 1167.0,
"function_hash": "38370320216997995420236719490943001759"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "checkKeyIntent"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-3d4a9fae",
"digest": {
"length": 5385.0,
"function_hash": "106863402836542716138093788315930033614"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "getAuthToken"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-421b1bbd",
"digest": {
"length": 1604.0,
"function_hash": "156948064075838632746183658421607701443"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-eeb2db13",
"digest": {
"line_hashes": [
"65744354714521746236409576191947554438",
"336100995050413396604471046648600747849",
"46174948320726816946394223971298634080",
"204359576054625082268789891801367566762",
"208991286625372726279956857582409591002",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"131094452132685235150002717794774811759",
"218046355958882751674254932052378610608",
"202670327038763020310835509548705256826",
"319808544072902901818988794735872465308",
"294963086035200924983677506496592561929",
"266889227588429636352149285826247001618",
"287536587174859972781888474519565795358",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-ff13d04d",
"digest": {
"length": 2612.0,
"function_hash": "220950197671026908620116892012269337281"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
}
],
"types": [
"EoP"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82"
],
"severity": "High",
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-03adb9b5",
"digest": {
"length": 1604.0,
"function_hash": "156948064075838632746183658421607701443"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-175b0f49",
"digest": {
"length": 1167.0,
"function_hash": "38370320216997995420236719490943001759"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "checkKeyIntent"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-79172dc1",
"digest": {
"line_hashes": [
"65744354714521746236409576191947554438",
"336100995050413396604471046648600747849",
"46174948320726816946394223971298634080",
"204359576054625082268789891801367566762",
"208991286625372726279956857582409591002",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"131094452132685235150002717794774811759",
"218046355958882751674254932052378610608",
"202670327038763020310835509548705256826",
"319808544072902901818988794735872465308",
"294963086035200924983677506496592561929",
"266889227588429636352149285826247001618",
"287536587174859972781888474519565795358",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-8878cac2",
"digest": {
"length": 2210.0,
"function_hash": "283194143277269717748301748310619667576"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-bda1d53e",
"digest": {
"length": 5385.0,
"function_hash": "106863402836542716138093788315930033614"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "getAuthToken"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-dd9281ac",
"digest": {
"length": 2612.0,
"function_hash": "220950197671026908620116892012269337281"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/eb9a0566a583fa13f8aff671c41f78a9e33eab82",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
}
],
"types": [
"EoP"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/34683275498914ece5ee9435846b7b429ccfc964",
"https://android.googlesource.com/platform/frameworks/base/+/ba27731d04d95bf4b17c41a5d85aac09c39b9329"
],
"severity": "High",
"spl": "2022-12-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-0152ae22",
"digest": {
"length": 1140.0,
"function_hash": "119819233901957715080604570772080806263"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ba27731d04d95bf4b17c41a5d85aac09c39b9329",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "checkKeyIntent"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-05719152",
"digest": {
"length": 362.0,
"function_hash": "65631911930041298540002693789372037050"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/34683275498914ece5ee9435846b7b429ccfc964",
"signature_type": "Function",
"target": {
"file": "core/java/android/os/Parcel.java",
"function": "readLazyValue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-11ef425f",
"digest": {
"length": 5627.0,
"function_hash": "172104913434305629063826639954111096960"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ba27731d04d95bf4b17c41a5d85aac09c39b9329",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "getAuthToken"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-1e47334d",
"digest": {
"line_hashes": [
"231045337660171488666168590541471054540",
"248523352219235644303151030262148233029",
"314133701034599983666413107751200451172",
"252501481589049757718974268511663338499"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/34683275498914ece5ee9435846b7b429ccfc964",
"signature_type": "Line",
"target": {
"file": "core/java/android/os/Parcel.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-2062c6cd",
"digest": {
"length": 2210.0,
"function_hash": "283194143277269717748301748310619667576"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ba27731d04d95bf4b17c41a5d85aac09c39b9329",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-2e349a7e",
"digest": {
"length": 2612.0,
"function_hash": "220950197671026908620116892012269337281"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ba27731d04d95bf4b17c41a5d85aac09c39b9329",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-d1d77d12",
"digest": {
"length": 1604.0,
"function_hash": "156948064075838632746183658421607701443"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ba27731d04d95bf4b17c41a5d85aac09c39b9329",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
"function": "onResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-240138294-f61d7e48",
"digest": {
"line_hashes": [
"197401720662816539459617790767298463363",
"297452927230242983594296518816596032312",
"243543373481505492379459454436153318386",
"204359576054625082268789891801367566762",
"208991286625372726279956857582409591002",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513",
"131094452132685235150002717794774811759",
"218046355958882751674254932052378610608",
"202670327038763020310835509548705256826",
"319808544072902901818988794735872465308",
"294963086035200924983677506496592561929",
"266889227588429636352149285826247001618",
"287536587174859972781888474519565795358",
"73315145992809006133637400549815878830",
"294424605946274934913008858286110933628",
"39620355197721807861858985648559892713",
"122050568306174614461067255367068473513"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ba27731d04d95bf4b17c41a5d85aac09c39b9329",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
}
}
],
"types": [
"EoP"
]
}