UBUNTU-CVE-2022-20476

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-20476

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-20476.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-20476

Upstream

CVE-2022-20476

Published

2022-12-13T16:15:00Z

Modified

2025-10-24T04:53:21Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919

References

Affected packages

Ubuntu:18.04:LTS / android-framework-23

Package

Name: android-framework-23
Purl: pkg:deb/ubuntu/android-framework-23@6.0.1+r72-5~18.04?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.1+r72-3

6.0.1+r72-4

6.0.1+r72-5~18.04

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "android-sdk-platform-23",
            "binary_version": "6.0.1+r72-5~18.04"
        },
        {
            "binary_name": "libandroid-23-java",
            "binary_version": "6.0.1+r72-5~18.04"
        },
        {
            "binary_name": "libandroid-uiautomator-23-java",
            "binary_version": "6.0.1+r72-5~18.04"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-20476.json"

Ubuntu:20.04:LTS / android-framework-23

Package

Name: android-framework-23
Purl: pkg:deb/ubuntu/android-framework-23@6.0.1+r72-5?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.1+r72-5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "android-sdk-platform-23",
            "binary_version": "6.0.1+r72-5"
        },
        {
            "binary_name": "libandroid-23-java",
            "binary_version": "6.0.1+r72-5"
        },
        {
            "binary_name": "libandroid-uiautomator-23-java",
            "binary_version": "6.0.1+r72-5"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-20476.json"

Ubuntu:22.04:LTS / android-framework-23

Package

Name: android-framework-23
Purl: pkg:deb/ubuntu/android-framework-23@6.0.1+r72-6?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.1+r72-6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "android-sdk-platform-23",
            "binary_version": "6.0.1+r72-6"
        },
        {
            "binary_name": "libandroid-23-java",
            "binary_version": "6.0.1+r72-6"
        },
        {
            "binary_name": "libandroid-uiautomator-23-java",
            "binary_version": "6.0.1+r72-6"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-20476.json"

Ubuntu:24.04:LTS / android-framework-23

Package

Name: android-framework-23
Purl: pkg:deb/ubuntu/android-framework-23@6.0.1+r72-6ubuntu1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.1+r72-6

6.0.1+r72-6ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "android-sdk-platform-23",
            "binary_version": "6.0.1+r72-6ubuntu1"
        },
        {
            "binary_name": "libandroid-23-java",
            "binary_version": "6.0.1+r72-6ubuntu1"
        },
        {
            "binary_name": "libandroid-uiautomator-23-java",
            "binary_version": "6.0.1+r72-6ubuntu1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-20476.json"