PUB-A-235822336

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-235822336.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-235822336
Aliases
Published
2022-12-01T00:00:00Z
Modified
2026-05-01T15:24:27.653932Z
Summary
[none]
Details

In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other
13

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/731ee1a3575b7374bde9ae8957db07ba0f0be238"
    ],
    "severity": "Moderate",
    "spl": "2022-12-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "match_only_versions": [
                "13"
            ],
            "signature_version": "v1",
            "digest": {
                "length": 515.0,
                "function_hash": "23323229106036744297971719515141463109"
            },
            "id": "PUB-A-235822336-23258692",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/731ee1a3575b7374bde9ae8957db07ba0f0be238",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "getNearbyNotificationStreamingPolicy"
            }
        },
        {
            "deprecated": false,
            "match_only_versions": [
                "13"
            ],
            "signature_version": "v1",
            "digest": {
                "length": 506.0,
                "function_hash": "80280129656514903824163235453787461465"
            },
            "id": "PUB-A-235822336-302f1d11",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/731ee1a3575b7374bde9ae8957db07ba0f0be238",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "getNearbyAppStreamingPolicy"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "PUB-A-235822336-7f9edbf1",
            "digest": {
                "line_hashes": [
                    "119405627220343643703575800912099104374",
                    "305904457889989786555420660248516047723",
                    "302703526076072942604611378099633220393",
                    "149655663574408730792046751362137342101",
                    "119405627220343643703575800912099104374",
                    "305904457889989786555420660248516047723",
                    "302703526076072942604611378099633220393",
                    "149655663574408730792046751362137342101"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/731ee1a3575b7374bde9ae8957db07ba0f0be238",
            "signature_type": "Line",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
            }
        }
    ],
    "types": [
        "ID"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/PUB-A-235822336.json"