PUB-A-231583603

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-231583603.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-231583603
Aliases
  • A-231583603
  • CVE-2022-20529
Published
2022-12-01T00:00:00Z
Modified
2024-08-29T07:13:04.868273Z
Summary
Unexpected behavior of Pixel Experience by having access to the WiFi network list UI after locking the device. Network login process and Google Keyboard are accessible to enter network key as well.
Details

In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 257.0,
                "function_hash": "241347151877232359430765204676931348045"
            },
            "id": "PUB-A-231583603-067f3f86",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/be23c28ff299dc1143f714dc3fa27507d44fbe72",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/wifi/WifiDialogActivity.java",
                "function": "onDestroy"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "265328237608084895329830281092089983209",
                    "233620388978209571131034031883261505486",
                    "78933601934188487648463180315501963243",
                    "16787206138559797083594536892697950698",
                    "91081648776504085598187741015112363850",
                    "89054039738567739374652433409118086127",
                    "198872643568863845442655815273964125607",
                    "190438712699749724013067352136876449320",
                    "100218978286557187948295867292257599425",
                    "51900080128050360999552112065472217891",
                    "87005879171755826221206663363380995776",
                    "29471057283842427734147201462366480392",
                    "129847223422816447674029892025919979212",
                    "192756713463249838269004534611414178730",
                    "11073595814110060803746296747373123725",
                    "146909534155941355743238501696694364999",
                    "30409693287928069234207725953933344377",
                    "272894026741191392499312932449168713631",
                    "280648130299085816428295256983416013298",
                    "242737358124641320821261689199878212740",
                    "197740041862712537299189502604557982828",
                    "270313872979277078176578058663410794241",
                    "257238617528610071794709606219567192041",
                    "257929141360661190719981703261948846543",
                    "183325986263730029783145769233746546977"
                ]
            },
            "id": "PUB-A-231583603-874022a4",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/be23c28ff299dc1143f714dc3fa27507d44fbe72",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/wifi/WifiDialogActivity.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 671.0,
                "function_hash": "169562481823356516860661282858032250454"
            },
            "id": "PUB-A-231583603-f537c04f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/be23c28ff299dc1143f714dc3fa27507d44fbe72",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/wifi/WifiDialogActivity.java",
                "function": "onStart"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/be23c28ff299dc1143f714dc3fa27507d44fbe72"
    ],
    "spl": "2022-12-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}