PUB-A-225878553
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-225878553.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-225878553
- Aliases
-
- A-225878553
- CVE-2022-20504
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2026-04-30T15:48:46.890647Z
- Summary
- [none]
- Details
-
In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "Moderate",
"spl": "2022-12-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 841.0,
"function_hash": "84570946199917642132993501652828510477"
},
"id": "PUB-A-225878553-ada0d23c",
"match_only_versions": [
"13"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/74c52366701debed5f39c629ab85906fd3965605",
"signature_version": "v1",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/Somnambulator.java",
"function": "onStart"
},
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"111601856919306959945040798046675314190",
"323649341875246019519796523655744583997",
"19237002593344256534268881322480629398",
"194653030704920630389138112818990278540",
"64482669659673581039259584030923887447",
"285550841041580516291124281483240878775",
"222459686694461920246692805831896759786",
"154920540430791353758659253018776028151",
"122143035283636404373948270898533774623",
"7385543265869109021716688240121882243",
"206938340524604864735447437650786805871",
"171061317807550024799330273954542877125",
"129972929430048496609645008837244623915",
"281973512616645302040300849123432649204",
"53277726540499695883351369598094187724",
"242420114529044879284361405538017526510"
],
"threshold": 0.9
},
"id": "PUB-A-225878553-cdf62628",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/74c52366701debed5f39c629ab85906fd3965605",
"target": {
"file": "services/core/java/com/android/server/dreams/DreamManagerService.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"148827578309929601434124436477381552939",
"250355838931807690089030802546551184377",
"180905172210044195772683387361677980710",
"33400707127503291810172002213278928052",
"159817196679578088027840616041345106975",
"227042043365184541602869241854701642994",
"326026759892673788146636571595785848052",
"283039302051576304988045396950485480664",
"149305018640207048103115662478307806130",
"83023011626515758429917499779189243951",
"19608793801391620778588223761561563247",
"168691032286461892567420382341255046905",
"11642563613141503255831934654415347326",
"50915110987792078834825257506550143632",
"201394130822885361954553669489462749486",
"48686543079198976412845184852161181097",
"172829396291802054143844140949178797060",
"159400337043224976613112980319540285537",
"109963801158403198316680704682128301793",
"204879734074564751939985189425614063726",
"245405805130973876990228071452521504216",
"22916344363697987046758273155644769164",
"75925123971582487914349667203468026510",
"209923465766838942652737281105897757231",
"79647565043103329104779906667778982935",
"202525476712614008950146113941401798888",
"43780589431589294882005341613096651483"
],
"threshold": 0.9
},
"id": "PUB-A-225878553-d97a46d2",
"match_only_versions": [
"13"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/74c52366701debed5f39c629ab85906fd3965605",
"signature_version": "v1",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/Somnambulator.java"
},
"deprecated": false
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/74c52366701debed5f39c629ab85906fd3965605"
]
}