PUB-A-232798363

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-232798363.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-232798363
Aliases
  • A-232798363
  • CVE-2022-20533
Published
2022-12-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other

13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "137983744424907869421349416450389844693",
                    "280080106990469651977084687195791678452",
                    "188839333270416660864091952438551563498",
                    "56910409752950726715948533654514992554",
                    "58268938634345600572599465271216050228",
                    "55148441852337092315091292426796754542",
                    "132070702210441912430959234429884186300",
                    "126763671819233558646582261366655430523",
                    "258724214376365319540918331863229346910",
                    "4945897638035594566558998369278461672",
                    "3065626731211669564420850861012595577",
                    "146548272042098257741913834659984587585",
                    "53142333524085514145321524812222960581",
                    "137448228559317945951489319352638687889",
                    "334969361162005617753980595116507640602"
                ]
            },
            "id": "PUB-A-232798363-22b61127",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5f421125abcdc78c73ef4af3da68ab623d2d95db",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/wifi/slice/WifiSlice.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1092.0,
                "function_hash": "197123585407078326444561702802873860629"
            },
            "id": "PUB-A-232798363-8f47d6fc",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5f421125abcdc78c73ef4af3da68ab623d2d95db",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/wifi/slice/WifiSlice.java",
                "function": "getSlice"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/5f421125abcdc78c73ef4af3da68ab623d2d95db"
    ],
    "spl": "2022-12-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}