ASB-A-239701237

Import Source
https://storage.googleapis.com/android-osv/ASB-A-239701237.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-239701237
Aliases
  • A-239701237
  • CVE-2022-20449
Published
2022-12-01T00:00:00Z
Modified
2024-08-07T19:30:02.270955Z
Summary
Overwrite/Delete arbitrary files with system permissions via DevicePolicyManager#setApplicationRestrictions
Details

In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service; an attacker needs System execution privileges to exploit it. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-12-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "60676264421018491029098267007649352048",
                    "96880129610797312730379785827976580551",
                    "8916979314763594955163789788798071519",
                    "190311535256337988751608138939726760505",
                    "17941578793664301904950243975030905922",
                    "197600117250010257420588618957093355606",
                    "53797310922398388453958968680970082509",
                    "17234656718489223855727244315471540302",
                    "4494566512991468182257035036658827013",
                    "308688002306591719534515716485546701452",
                    "292882381086839317005526967849453008923"
                ]
            },
            "id": "ASB-A-239701237-08a5238b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 553.0,
                "function_hash": "3665991346729794305463037127088892183"
            },
            "id": "ASB-A-239701237-8b04e4e2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setApplicationRestrictions"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-12-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "60676264421018491029098267007649352048",
                    "96880129610797312730379785827976580551",
                    "8916979314763594955163789788798071519",
                    "190311535256337988751608138939726760505",
                    "17941578793664301904950243975030905922",
                    "197600117250010257420588618957093355606",
                    "53797310922398388453958968680970082509",
                    "17234656718489223855727244315471540302",
                    "4494566512991468182257035036658827013",
                    "308688002306591719534515716485546701452",
                    "292882381086839317005526967849453008923"
                ]
            },
            "id": "ASB-A-239701237-5b74ef30",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 553.0,
                "function_hash": "3665991346729794305463037127088892183"
            },
            "id": "ASB-A-239701237-feb6426a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setApplicationRestrictions"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-12-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "8726669358009533754711768650652471102",
                    "297095608694449044964208227087478768880",
                    "328639330774714907100642728544503363204",
                    "17852590006241573587183847420349458720",
                    "180574211167961718387810598829512067092",
                    "270447186769324840768603429604711616687",
                    "291492784790979532703841348606774441797",
                    "17234656718489223855727244315471540302",
                    "4494566512991468182257035036658827013",
                    "100067285054918524368057218554415546387",
                    "211161732107471073183069677845043101530"
                ]
            },
            "id": "ASB-A-239701237-f2c58b61",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 634.0,
                "function_hash": "23443127663564534087095444263018226139"
            },
            "id": "ASB-A-239701237-f3d19096",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setApplicationRestrictions"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 634.0,
                "function_hash": "23443127663564534087095444263018226139"
            },
            "id": "ASB-A-239701237-48c7650c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setApplicationRestrictions"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "8726669358009533754711768650652471102",
                    "297095608694449044964208227087478768880",
                    "328639330774714907100642728544503363204",
                    "17852590006241573587183847420349458720",
                    "180574211167961718387810598829512067092",
                    "270447186769324840768603429604711616687",
                    "291492784790979532703841348606774441797",
                    "17234656718489223855727244315471540302",
                    "4494566512991468182257035036658827013",
                    "100067285054918524368057218554415546387",
                    "211161732107471073183069677845043101530"
                ]
            },
            "id": "ASB-A-239701237-83f36119",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}