{"id":"ASB-A-176094367","details":"In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level \u003c 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.","aliases":["A-176094367","CVE-2022-20442"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"}],"affected":[{"package":{"name":"platform/packages/apps/PackageInstaller","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-12-01"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2022-12-01","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"file":"src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java"},"id":"ASB-A-176094367-e5b1b65f","source":"https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/725244f010c9c5ed5b169c2ec00600864fce38ab","deprecated":false,"digest":{"line_hashes":["131548812861006055530464043961854370772","291323132068501938880325320721381375409","95384460143037097415898460329511075946","319698469046129652518560868639908386550","268589551327048145713816909398404480884","173233552244338388278893104303091464527","6566350594781407074702540494698510848"],"threshold":0.9},"signature_type":"Line"},{"signature_version":"v1","target":{"function":"onCreate","file":"src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java"},"id":"ASB-A-176094367-ee3df61f","source":"https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/725244f010c9c5ed5b169c2ec00600864fce38ab","deprecated":false,"digest":{"function_hash":"135428959392356932519044964831642124671","length":600},"signature_type":"Function"}],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/725244f010c9c5ed5b169c2ec00600864fce38ab"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-176094367.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-12-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/cb6a249e1af72c89adf0f3f3179226723d8d389f"],"types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ReviewPermissionsActivity.java"},"id":"ASB-A-176094367-37016cae","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cb6a249e1af72c89adf0f3f3179226723d8d389f","deprecated":false,"digest":{"line_hashes":["131548812861006055530464043961854370772","291323132068501938880325320721381375409","95384460143037097415898460329511075946","288147811868668259498595617858469938520","268589551327048145713816909398404480884","173233552244338388278893104303091464527","6566350594781407074702540494698510848"],"threshold":0.9},"signature_type":"Line"},{"signature_version":"v1","target":{"function":"onCreate","file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ReviewPermissionsActivity.java"},"id":"ASB-A-176094367-7d1d1ba3","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cb6a249e1af72c89adf0f3f3179226723d8d389f","deprecated":false,"digest":{"function_hash":"135428959392356932519044964831642124671","length":600},"signature_type":"Function"}],"severity":"High","spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-176094367.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-12-01","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"function":"onCreate","file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ReviewPermissionsActivity.java"},"id":"ASB-A-176094367-074c608b","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cb6a249e1af72c89adf0f3f3179226723d8d389f","deprecated":false,"digest":{"function_hash":"135428959392356932519044964831642124671","length":600},"signature_type":"Function"},{"signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ReviewPermissionsActivity.java"},"id":"ASB-A-176094367-811d0424","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cb6a249e1af72c89adf0f3f3179226723d8d389f","deprecated":false,"digest":{"line_hashes":["131548812861006055530464043961854370772","291323132068501938880325320721381375409","95384460143037097415898460329511075946","288147811868668259498595617858469938520","268589551327048145713816909398404480884","173233552244338388278893104303091464527","6566350594781407074702540494698510848"],"threshold":0.9},"signature_type":"Line"}],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/cb6a249e1af72c89adf0f3f3179226723d8d389f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-176094367.json"}}],"schema_version":"1.7.5"}