ASB-A-179725730

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-179725730.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-179725730
Aliases
  • A-179725730
  • CVE-2022-20466
Published
2022-12-01T00:00:00Z
Modified
2024-08-07T19:29:16.088358Z
Summary
[INTERNAL SHADOW][Zebra] FLAG_SECURE is not included in KeyGaurd and Set Pin/Password screen
Details

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-12-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 869.0,
                "function_hash": "32112785799434369277455898230085346341"
            },
            "id": "ASB-A-179725730-42b90cca",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c561831af7af834b66ce0df3a169fffc08d2d3b5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarWindowController.java",
                "function": "applyKeyguardFlags"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "206388424328273095472547919735556360098",
                    "143742061301310899424399124699943284487",
                    "199439796058436299287260668393680552919",
                    "140682613378095423607532018032168411430",
                    "205640854106965017169913628306364284343",
                    "36858196382418987736342278877714197593",
                    "270289437993034780912143925452963611565",
                    "108856232352897871721345197359326466316"
                ]
            },
            "id": "ASB-A-179725730-8c43ab7d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c561831af7af834b66ce0df3a169fffc08d2d3b5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarWindowController.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/c561831af7af834b66ce0df3a169fffc08d2d3b5"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-12-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "206388424328273095472547919735556360098",
                    "143742061301310899424399124699943284487",
                    "199439796058436299287260668393680552919",
                    "106744106952491222330069386595066401645",
                    "115540909207101243672379137998540565970",
                    "298584398642579013765659294575866064382",
                    "132088261251775869681370521687697169569",
                    "178566187230414850999822235989713981936"
                ]
            },
            "id": "ASB-A-179725730-0ee10a69",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bc2146966bd931b18ef0a0243508a49be70e7d0b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/NotificationShadeWindowController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1067.0,
                "function_hash": "176507910328629998864627512409606461410"
            },
            "id": "ASB-A-179725730-f846d291",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bc2146966bd931b18ef0a0243508a49be70e7d0b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/NotificationShadeWindowController.java",
                "function": "applyKeyguardFlags"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/bc2146966bd931b18ef0a0243508a49be70e7d0b"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-12-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1811.0,
                "function_hash": "57140796250524282571834489060778882960"
            },
            "id": "ASB-A-179725730-869879d6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/18ddad1f5a3d9592e063c3d3a70278bccc2e08e5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/NotificationShadeWindowControllerImpl.java",
                "function": "applyKeyguardFlags"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "169523476080409714836793397272207115125",
                    "54734196761798246902517049670059348202",
                    "239676799083180752913046959337186065538",
                    "11980846928859312755385768075647391572",
                    "243031757802001598505788680975253591531",
                    "120337641038823213914100008065611879597",
                    "28541874676783003466994450681132831710",
                    "178566187230414850999822235989713981936"
                ]
            },
            "id": "ASB-A-179725730-c402404c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/18ddad1f5a3d9592e063c3d3a70278bccc2e08e5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/NotificationShadeWindowControllerImpl.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/18ddad1f5a3d9592e063c3d3a70278bccc2e08e5"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-12-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77632166037785563477301649169355439862",
                    "206272812011591068626547451252104957714",
                    "109338183324050815369444470891531852019",
                    "42349531172320306814973152263390291023",
                    "6842066343258219881475667399303400142",
                    "185629602965231416143495472980400217426",
                    "330988969578661017702555886144300404478",
                    "211309291694407781043097154787800588039"
                ]
            },
            "id": "ASB-A-179725730-45df9b9f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/98e3bfdebb99cb3f47b16cfde2181fcb553db8c8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPattern.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 224.0,
                "function_hash": "1876796778353233715120306577456675337"
            },
            "id": "ASB-A-179725730-5aa9b61e",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/98e3bfdebb99cb3f47b16cfde2181fcb553db8c8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPattern.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 224.0,
                "function_hash": "1876796778353233715120306577456675337"
            },
            "id": "ASB-A-179725730-9695f520",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/98e3bfdebb99cb3f47b16cfde2181fcb553db8c8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPassword.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77632166037785563477301649169355439862",
                    "227443652848767666876239169462992302764",
                    "160164407276467169775142383179500862973",
                    "283015014777678516905687575074464937147",
                    "6842066343258219881475667399303400142",
                    "185629602965231416143495472980400217426",
                    "257061215894855239412849028474193853457",
                    "59256534534552524715323150364103201883"
                ]
            },
            "id": "ASB-A-179725730-e8d7f2ab",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/98e3bfdebb99cb3f47b16cfde2181fcb553db8c8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPassword.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/98e3bfdebb99cb3f47b16cfde2181fcb553db8c8"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-12-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1811.0,
                "function_hash": "57140796250524282571834489060778882960"
            },
            "id": "ASB-A-179725730-6d01f08f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bcebd3e9b935f4af10afc798bdb8c9b41992d3d8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/NotificationShadeWindowControllerImpl.java",
                "function": "applyKeyguardFlags"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "169523476080409714836793397272207115125",
                    "54734196761798246902517049670059348202",
                    "239676799083180752913046959337186065538",
                    "11980846928859312755385768075647391572",
                    "243031757802001598505788680975253591531",
                    "120337641038823213914100008065611879597",
                    "28541874676783003466994450681132831710",
                    "178566187230414850999822235989713981936"
                ]
            },
            "id": "ASB-A-179725730-8dedb9ac",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bcebd3e9b935f4af10afc798bdb8c9b41992d3d8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/NotificationShadeWindowControllerImpl.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/bcebd3e9b935f4af10afc798bdb8c9b41992d3d8"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-12-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "56042887117134869756448428824110572018",
                    "273057023033934039431332532714873271421",
                    "109338183324050815369444470891531852019",
                    "42349531172320306814973152263390291023",
                    "6842066343258219881475667399303400142",
                    "185629602965231416143495472980400217426",
                    "330988969578661017702555886144300404478",
                    "211309291694407781043097154787800588039"
                ]
            },
            "id": "ASB-A-179725730-52f1675c",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/27bddff2aca2b6095eba52f3a55532c511d77767",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPattern.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 224.0,
                "function_hash": "1876796778353233715120306577456675337"
            },
            "id": "ASB-A-179725730-b265392f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/27bddff2aca2b6095eba52f3a55532c511d77767",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPattern.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 224.0,
                "function_hash": "1876796778353233715120306577456675337"
            },
            "id": "ASB-A-179725730-d4874e42",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/27bddff2aca2b6095eba52f3a55532c511d77767",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPassword.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77632166037785563477301649169355439862",
                    "227443652848767666876239169462992302764",
                    "160164407276467169775142383179500862973",
                    "283015014777678516905687575074464937147",
                    "6842066343258219881475667399303400142",
                    "185629602965231416143495472980400217426",
                    "257061215894855239412849028474193853457",
                    "59256534534552524715323150364103201883"
                ]
            },
            "id": "ASB-A-179725730-e40772e3",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/27bddff2aca2b6095eba52f3a55532c511d77767",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPassword.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/27bddff2aca2b6095eba52f3a55532c511d77767"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "56042887117134869756448428824110572018",
                    "273057023033934039431332532714873271421",
                    "109338183324050815369444470891531852019",
                    "42349531172320306814973152263390291023",
                    "6842066343258219881475667399303400142",
                    "185629602965231416143495472980400217426",
                    "330988969578661017702555886144300404478",
                    "211309291694407781043097154787800588039"
                ]
            },
            "id": "ASB-A-179725730-192ee6ae",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/aac79b894f960aab53e4026db4ba07e7eaf7959c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPattern.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 224.0,
                "function_hash": "1876796778353233715120306577456675337"
            },
            "id": "ASB-A-179725730-2a34a7dc",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/aac79b894f960aab53e4026db4ba07e7eaf7959c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPattern.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 224.0,
                "function_hash": "1876796778353233715120306577456675337"
            },
            "id": "ASB-A-179725730-7306af98",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/aac79b894f960aab53e4026db4ba07e7eaf7959c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPassword.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77632166037785563477301649169355439862",
                    "227443652848767666876239169462992302764",
                    "160164407276467169775142383179500862973",
                    "283015014777678516905687575074464937147",
                    "6842066343258219881475667399303400142",
                    "185629602965231416143495472980400217426",
                    "257061215894855239412849028474193853457",
                    "59256534534552524715323150364103201883"
                ]
            },
            "id": "ASB-A-179725730-c0b8158f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/aac79b894f960aab53e4026db4ba07e7eaf7959c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/password/ChooseLockPassword.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/aac79b894f960aab53e4026db4ba07e7eaf7959c"
    ],
    "spl": "2022-12-01",
    "severity": "Moderate",
    "types": [
        "ID"
    ]
}