PUB-A-208279300
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-208279300.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-208279300
- Aliases
-
- A-208279300
- ASB-A-208279300
- CVE-2022-20197
- Published
- 2022-06-01T00:00:00Z
- Modified
- 2025-11-27T16:57:45.220720Z
- Summary
- [none]
- Details
-
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"id": "PUB-A-208279300-7b603131",
"target": {
"file": "core/java/android/os/Parcel.java",
"function": "recycle"
},
"digest": {
"function_hash": "295972483992823207807516585320029458283",
"length": 407.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c",
"signature_version": "v1"
},
{
"id": "PUB-A-208279300-aca52d55",
"target": {
"file": "core/java/android/os/Parcel.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"316753909301305578740771338963451125640",
"86906117398184293737935705669161310446",
"289190745808397464931819942032085311598",
"134496265879813177300596224622561904500"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c",
"signature_version": "v1"
}
],
"types": [
"EoP"
],
"severity": "Moderate",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"
],
"spl": "2022-06-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"id": "PUB-A-208279300-3833ed4d",
"target": {
"file": "core/java/android/os/Parcel.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"271829008703992931818398218078023132919",
"86906117398184293737935705669161310446",
"289190745808397464931819942032085311598",
"134496265879813177300596224622561904500"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd",
"signature_version": "v1"
},
{
"id": "PUB-A-208279300-78d30772",
"target": {
"file": "core/java/android/os/Parcel.java",
"function": "recycle"
},
"digest": {
"function_hash": "295972483992823207807516585320029458283",
"length": 407.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd",
"signature_version": "v1"
}
],
"types": [
"EoP"
],
"severity": "Moderate",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd"
],
"spl": "2022-06-01"
}