{"id":"ASB-A-179699767","details":"In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-179699767","CVE-2022-20004"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2022-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/b55656825844f8ac1d776da0b3290a4e9948ba4f"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-05-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java"},"id":"ASB-A-179699767-0b3f8e3a","digest":{"threshold":0.9,"line_hashes":["226760433165813380990153619519066009195","198238097207668302298535804286695971443","747526148792920550608566485759371786","194663801245171228071477207088008390990"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9","signature_type":"Line","signature_version":"v1"},{"digest":{"length":1170,"function_hash":"170738253548447665571067266136931173848"},"id":"ASB-A-179699767-5eb47681","target":{"function":"checkSlicePermission","file":"services/core/java/com/android/server/slice/SliceManagerService.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9","signature_type":"Function","signature_version":"v1"}],"types":["EoP"],"spl":"2022-05-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-179699767.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-05-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["EoP"],"spl":"2022-05-01","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java"},"id":"ASB-A-179699767-502ce88c","signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9","digest":{"threshold":0.9,"line_hashes":["226760433165813380990153619519066009195","198238097207668302298535804286695971443","747526148792920550608566485759371786","194663801245171228071477207088008390990"]},"signature_version":"v1"},{"target":{"function":"checkSlicePermission","file":"services/core/java/com/android/server/slice/SliceManagerService.java"},"id":"ASB-A-179699767-ce57a002","digest":{"length":1170,"function_hash":"170738253548447665571067266136931173848"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9","signature_type":"Function","signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-179699767.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-05-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java","function":"checkSlicePermission"},"id":"ASB-A-179699767-85f258bf","digest":{"length":1170,"function_hash":"170738253548447665571067266136931173848"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9","signature_type":"Function","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["226760433165813380990153619519066009195","198238097207668302298535804286695971443","747526148792920550608566485759371786","194663801245171228071477207088008390990"]},"id":"ASB-A-179699767-f0c53c2f","target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9","signature_type":"Line","signature_version":"v1"}],"types":["EoP"],"spl":"2022-05-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-179699767.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["EoP"],"spl":"2022-05-01","vanir_signatures":[{"target":{"function":"checkSlicePermission","file":"services/core/java/com/android/server/slice/SliceManagerService.java"},"id":"ASB-A-179699767-226df259","digest":{"length":1170,"function_hash":"170738253548447665571067266136931173848"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9","signature_type":"Function","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["226760433165813380990153619519066009195","198238097207668302298535804286695971443","747526148792920550608566485759371786","194663801245171228071477207088008390990"]},"id":"ASB-A-179699767-5d4522b2","target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9","signature_type":"Line","signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-179699767.json"}}],"schema_version":"1.7.5"}