PUB-A-238178261
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-238178261.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-238178261
- Aliases
-
- A-238178261
- CVE-2022-20543
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2025-11-07T15:56:02.122943Z
- Summary
- [none]
- Details
-
In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2022-12-01
- https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512
- https://android.googlesource.com/platform/frameworks/base/+/f73a7285093565efcdd8bce37d5981cb510d771a
- https://android.googlesource.com/platform/frameworks/base/+/ed28faef53a74414f213e9e9d1c524808bfc8aba
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"DoS"
],
"spl": "2022-12-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"function_hash": "304190101921573888169004747983102147468",
"length": 7162.0
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "WindowManagerService"
},
"signature_version": "v1",
"id": "PUB-A-238178261-006fe8de",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f73a7285093565efcdd8bce37d5981cb510d771a"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"283176714226900365422427405230134130704",
"320648216866410329530007068907391475901",
"179278628922564564537467145945073890675",
"39391587941517936523556441536485395562",
"271661768155441502885390614860524916706",
"253851025349308914864915209957011323652",
"183315083060254321901116522733627854906",
"185370390930148715109370875034914309411",
"292343691189355151425539167728906476285",
"69257148900943660092618228484518453843",
"178152128930040263222936592733074226534",
"126898310390539199623135728983124685030",
"105750033001225510811141951982537779042",
"243711520198172134484875434640757846097",
"257433507777504354969841199993550250548"
]
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_version": "v1",
"id": "PUB-A-238178261-1618b1cd",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/ed28faef53a74414f213e9e9d1c524808bfc8aba"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Line",
"target": {
"file": "libs/WindowManager/Jetpack/src/androidx/window/extensions/embedding/TaskFragmentAnimationSpec.java"
},
"id": "PUB-A-238178261-2976756d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"87738969840767659846929934920797583299",
"26439430401825863669475126731857722187",
"23489534413043266613637028796107887135",
"258547205131957049573966778712829298235",
"145786291740166262272956546863171250234",
"168623613412825634710772365624270545980",
"30022053242553996810175236641976605271",
"270746280479874463755195987631732900748",
"261131091814486025169973954366298677107",
"250315339340662181562210989242532087511",
"287006214105073702717732820065096580290",
"6590640281866280051230737299842200348",
"165454646338302994065113456303606009301",
"145354366556651307386127433849574525800",
"164201185024707543938916075829786352373",
"119872727598355989293283920542046940759",
"156010397972510269894706104857163645469",
"280188367714252403004238578573777821443",
"142555071540768416532691435010759216766",
"208965023608440826868921157202357551375"
]
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512",
"deprecated": false
},
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/Transitions.java",
"function": "onChange"
},
"id": "PUB-A-238178261-468b8fd1",
"digest": {
"function_hash": "222906833901193299505615946271296568567",
"length": 325.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"200260192712228463204295864434640503478",
"272006601317998595451168182395965643973",
"48961511072071375493738887942604726138",
"35298291698456878450425543857384039733",
"229366970988730696051883132034827351074",
"112866224738787898371988219432919258296",
"312081436106254645788351157881535567928",
"185370390930148715109370875034914309411",
"141820949596474063329116903437369620498",
"332959613923048964129086149171339653080",
"26881778239258148833279264824704758738",
"101134995314776365039877996049362902026",
"32582872565809973017366027252289734405",
"78520311120283447876392342566317952179",
"154262575582884440301324134185390691756"
]
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_version": "v1",
"id": "PUB-A-238178261-56f05cb4",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f73a7285093565efcdd8bce37d5981cb510d771a"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"25152929321955180953294488635342221154",
"153513004999573957042251373748847827085",
"215308413045522254840726952257944562392",
"251166917708783435115488163421771920683",
"153518719504049331983446543036089163492",
"269779831500647390648733425278437064953"
]
},
"target": {
"file": "core/java/com/android/internal/view/inline/InlineTooltipUi.java"
},
"signature_version": "v1",
"id": "PUB-A-238178261-5fa645b9",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f73a7285093565efcdd8bce37d5981cb510d771a"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "238728301992532147583202841780376674738",
"length": 7060.0
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "WindowManagerService"
},
"signature_version": "v1",
"id": "PUB-A-238178261-74737fb7",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/ed28faef53a74414f213e9e9d1c524808bfc8aba"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"target": {
"file": "libs/WindowManager/Jetpack/src/androidx/window/extensions/embedding/TaskFragmentAnimationSpec.java",
"function": "TaskFragmentAnimationSpec"
},
"id": "PUB-A-238178261-774602a0",
"digest": {
"function_hash": "171528499359456449195937812793659950596",
"length": 776.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"function_hash": "79435285252376927892255499175014685135",
"length": 875.0
},
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/Transitions.java",
"function": "onInit"
},
"signature_version": "v1",
"id": "PUB-A-238178261-81af3f64",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"target": {
"file": "libs/WindowManager/Jetpack/src/androidx/window/extensions/embedding/TaskFragmentAnimationSpec.java",
"function": "onChange"
},
"id": "PUB-A-238178261-8a0b0d74",
"digest": {
"function_hash": "337014555518858139107862065201505702167",
"length": 212.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"function_hash": "201859420605116633952726035213868889980",
"length": 638.0
},
"target": {
"file": "core/java/com/android/internal/view/inline/InlineTooltipUi.java",
"function": "update"
},
"signature_version": "v1",
"id": "PUB-A-238178261-a6bceda7",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f73a7285093565efcdd8bce37d5981cb510d771a"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "153438964441677559322101866908505992175",
"length": 6869.0
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "handleMessage"
},
"signature_version": "v1",
"id": "PUB-A-238178261-abff35b3",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f73a7285093565efcdd8bce37d5981cb510d771a"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Line",
"target": {
"file": "core/java/android/view/WindowManager.java"
},
"id": "PUB-A-238178261-b70cc099",
"digest": {
"threshold": 0.9,
"line_hashes": [
"146381432265428242202905280497551747133",
"251845923583290903452967902227359960901",
"191706558759314455861741754551604421770"
]
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"function_hash": "206243910365866718935603807450689204913",
"length": 7335.0
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "WindowManagerService"
},
"signature_version": "v1",
"id": "PUB-A-238178261-bda44308",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"31865397303611259460075625717892647529",
"115122550763636764206084105487644207876",
"283043683441350417540975630936105477537",
"130111776901087235533505883582637826491",
"315842015713415659637133082574948188922",
"13817597910379207597672324008403683596",
"318739274953419975653664386807381103121",
"180505207403977120434552897365818663334",
"173191301846044779695885063078757678021",
"144202644866980971146673121285730137722",
"129583725217726773835008895358820439747",
"237131942628776587675756193829077562106",
"255332934185085776695115817832583990976",
"185370390930148715109370875034914309411",
"254584072853275798111010578506862526526",
"109669870014132896127397959218012602159",
"223707071334218277556134809194012021074",
"251402892021365624014300081725370306064",
"40376085057706253268253068725788740604",
"217512219088835853964284557392684338412",
"116708642127826467736163229145836495316",
"263182582586021873711507218337033576362",
"176250483985883823877821212271939183713",
"83341259494174806458982392629489290847",
"116875875323522794246267056445889772433",
"123916896898911628762821687771410399638",
"206814978408016439170109568064391548814",
"76173258146928245908143748264121639551",
"36561925937000636732507483749658019870"
]
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_version": "v1",
"id": "PUB-A-238178261-cc24a188",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "fixScale"
},
"id": "PUB-A-238178261-ce15987f",
"digest": {
"function_hash": "250134767659603626781558842417293236603",
"length": 134.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"function_hash": "174530090101246246181850453379963754774",
"length": 6997.0
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "handleMessage"
},
"signature_version": "v1",
"id": "PUB-A-238178261-f1ce6e7e",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"97815300335650069635752344600202596642",
"183278386398298077693948287058730333214",
"311720375541462654670114689459281963265",
"257673605042466090621382538410385413818",
"219782799172838866293189839625886628162",
"76311668742879507808902717575431482880",
"69584378884454766667911424266760141782",
"270746280479874463755195987631732900748",
"101460328479330055905218862966520142144",
"263507819195617838712243835487425992857",
"191479095295753553048108958421085185751",
"196415733520877003629598957510062996099",
"164026004893197483846397105276613627893",
"300348070369512504766071302996692751597",
"127942697719231317185328310292412601907",
"201011667429504662114925768173588200136",
"184410617911910319559869328731725223788",
"177472491776457289689137064604791297947",
"4146479441121531548550292175532918138",
"247852548633289568178567713376186934460"
]
},
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/Transitions.java"
},
"signature_version": "v1",
"id": "PUB-A-238178261-f8a77e10",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "269237408937627012794942822805690469545",
"length": 6747.0
},
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "handleMessage"
},
"signature_version": "v1",
"id": "PUB-A-238178261-fce7c4a3",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/ed28faef53a74414f213e9e9d1c524808bfc8aba"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/43ca1914b2342aa483aeea7601c8fc72e13b4512",
"https://android.googlesource.com/platform/frameworks/base/+/f73a7285093565efcdd8bce37d5981cb510d771a",
"https://android.googlesource.com/platform/frameworks/base/+/ed28faef53a74414f213e9e9d1c524808bfc8aba"
],
"severity": "Moderate"
}