ASB-A-221859734

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-221859734.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-221859734
Aliases
  • A-221859734
  • CVE-2022-20398
Published
2022-09-01T00:00:00Z
Modified
2024-08-07T19:29:53.908105Z
Summary
[Multiple users join the WI-FI network by scanning the QR code]
Details

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/Wifi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-09-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1938.0,
                "function_hash": "293594231454106066202648911088914014586"
            },
            "id": "ASB-A-221859734-0f842235",
            "source": "https://android.googlesource.com/platform/packages/modules/Wifi/+/737e26535baeb007b9034f581b4616699b05725f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/wifi/WifiServiceImpl.java",
                "function": "addOrUpdateNetwork"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "106075586204482335038976748081962302294",
                    "50254125161359841256617685321503778893",
                    "134973327598480085166434995507770650837",
                    "28813555467455531340252744248365923111",
                    "225435854086273964432355916192461277807",
                    "82043909163773608070549931900080330595",
                    "129469515357280746322246128026138082303",
                    "289452559497219223745714617889368962341",
                    "37334760508184369337165119594598746289",
                    "129355241784036593595292419231383845311",
                    "225255828251713566110152665276759195922",
                    "74477090221252033040801604394725016148",
                    "245245506821984838658377438735566823394",
                    "133659126509778478122343584755180096842",
                    "148885302954478283238374509563882639897",
                    "257186594853830201459088892786358004881",
                    "278417732000440066771118080832195917380",
                    "214299252086930989744352307881169018017",
                    "70759636909357249512516047906321604701",
                    "242034345642079937495221304327996039587",
                    "232221736637048000480626678019606874799",
                    "231331281647827883607709863219391449970"
                ]
            },
            "id": "ASB-A-221859734-2d674781",
            "source": "https://android.googlesource.com/platform/packages/modules/Wifi/+/737e26535baeb007b9034f581b4616699b05725f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/wifi/WifiServiceImpl.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 70.0,
                "function_hash": "86098240229774875250991448927674820235"
            },
            "id": "ASB-A-221859734-96bc66c0",
            "source": "https://android.googlesource.com/platform/packages/modules/Wifi/+/737e26535baeb007b9034f581b4616699b05725f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/wifi/util/WifiPermissionsUtil.java",
                "function": "getCurrentUser"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "215906072357966659079777844652605955098",
                    "123427533635257855312621267060376553090",
                    "284278039488370649357553090113176000535",
                    "117240947406735192951363986640445889294",
                    "12720297399195096143680386400694880430",
                    "210018469119573588783296958352348880318"
                ]
            },
            "id": "ASB-A-221859734-9bbf9900",
            "source": "https://android.googlesource.com/platform/packages/modules/Wifi/+/737e26535baeb007b9034f581b4616699b05725f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/wifi/util/WifiPermissionsUtil.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Wifi/+/737e26535baeb007b9034f581b4616699b05725f"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}