{"id":"ASB-A-204906124","details":"In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-204906124","CVE-2022-20394"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/9df1f523f1193a653df37d27cfc1b91179b5204f"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-10-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java"},"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["141468153609562668994393624754862105064","126152882013058941129294814418596437297","137172877681078847471087295926777296182","207371306133226239606329683551557787498","164155130913160312493609904190641569509","102138500376196793242218171660316251558","315968056978142562903054399659890383256","81143836350565747183613529948149873624","104263978470508955145207475929234520053","27693688517626266369860510133124460963","176090476711488763385348340036848785704","105097210874115201030968931282720102176","109506092116546848140280844862266618853","278947635135486117207482925906274067203","152622448139923597724939268980635293576","7405336617044189840700367584300108515","28776240027154834474140139131754452411","6973780969376378422393123357553653841","111365816840044814753810843473005838708","67764196123294656511842632954287022448","123826413461090793457179181757650071060","296440300852680836121190296618569415095","25766232893959406618109028141374898125","255622610196879653642767521719973436647","179511516892236586236537884076171110127","131892866723213561597574534998935316519","34693002873726971528400834596352454474","82994238621821454591875713105564179566","289055332010466994089152306424151463334","299450715801246806645751198302356092263"]},"id":"ASB-A-204906124-1c764adf"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3","target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java"},"digest":{"line_hashes":["83974276084259880562610389509029730017","125600956322375750975868450054034445465","12887350709039265853477061114851467024","159085779451838875417834664242111228145"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","id":"ASB-A-204906124-7e638d34"},{"digest":{"threshold":0.9,"line_hashes":["270222689777365805363207989524173784978","195146663012422112579192413816154846474","316886284012679230425127390107942420401","24975671687396821748941627819348888413"]},"deprecated":false,"target":{"file":"core/java/android/view/inputmethod/InputMethodManager.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3","signature_version":"v1","signature_type":"Line","id":"ASB-A-204906124-87337c8e"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3","target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java","function":"getInputMethodWindowVisibleHeight"},"id":"ASB-A-204906124-8f4227b2","signature_version":"v1","digest":{"function_hash":"64625478051987566817408411198218418000","length":48},"signature_type":"Function"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java","function":"getInputMethodWindowVisibleHeight"},"digest":{"function_hash":"193625215747254807880250643431487542195","length":88},"signature_version":"v1","signature_type":"Function","id":"ASB-A-204906124-a6167250"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java","function":"showSoftInput"},"digest":{"function_hash":"210086691543575732989549378840064946078","length":835},"signature_version":"v1","signature_type":"Function","id":"ASB-A-204906124-bb399495"}],"spl":"2022-10-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-204906124.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-10-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java","function":"showSoftInput"},"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"246619960339134014101750848842875827589","length":901},"id":"ASB-A-204906124-31ccbdd6"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e","target":{"file":"core/java/android/view/inputmethod/InputMethodManager.java"},"id":"ASB-A-204906124-4f95df8b","signature_version":"v1","digest":{"line_hashes":["270222689777365805363207989524173784978","195146663012422112579192413816154846474","316886284012679230425127390107942420401","24975671687396821748941627819348888413"],"threshold":0.9},"signature_type":"Line"},{"digest":{"function_hash":"64625478051987566817408411198218418000","length":48},"deprecated":false,"target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java","function":"getInputMethodWindowVisibleHeight"},"source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e","signature_version":"v1","signature_type":"Function","id":"ASB-A-204906124-92f5bd5f"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e","target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["83974276084259880562610389509029730017","125600956322375750975868450054034445465","12887350709039265853477061114851467024","159085779451838875417834664242111228145"]},"signature_version":"v1","signature_type":"Line","id":"ASB-A-204906124-c85aba47"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java","function":"getInputMethodWindowVisibleHeight"},"id":"ASB-A-204906124-ef10b5ef","signature_version":"v1","digest":{"function_hash":"193625215747254807880250643431487542195","length":88},"signature_type":"Function"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java"},"id":"ASB-A-204906124-f84e04fc","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["141468153609562668994393624754862105064","126152882013058941129294814418596437297","137172877681078847471087295926777296182","207371306133226239606329683551557787498","164155130913160312493609904190641569509","102138500376196793242218171660316251558","323535884742121396966749458431604532868","178736369597720752727892766579745107237","104263978470508955145207475929234520053","27693688517626266369860510133124460963","176090476711488763385348340036848785704","105097210874115201030968931282720102176","109506092116546848140280844862266618853","278947635135486117207482925906274067203","152622448139923597724939268980635293576","7405336617044189840700367584300108515","28776240027154834474140139131754452411","6973780969376378422393123357553653841","111365816840044814753810843473005838708","67764196123294656511842632954287022448","123826413461090793457179181757650071060","296440300852680836121190296618569415095","25766232893959406618109028141374898125","255622610196879653642767521719973436647","20615873132404125034365328072097094376","131892866723213561597574534998935316519","34693002873726971528400834596352454474","82994238621821454591875713105564179566","289055332010466994089152306424151463334","299450715801246806645751198302356092263"]},"signature_type":"Line"}],"spl":"2022-10-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-204906124.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-10-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java","function":"showSoftInput"},"digest":{"function_hash":"10439773466687355960683199401379014497","length":1109},"signature_version":"v1","signature_type":"Function","id":"ASB-A-204906124-194cdf57"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java"},"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["199820981071277627854459264243556768258","299831826081120042736315337404127059888","27049697355188242707229328820035351393","98165448008069486553612194003140525962","164155130913160312493609904190641569509","102138500376196793242218171660316251558","323535884742121396966749458431604532868","178736369597720752727892766579745107237","104263978470508955145207475929234520053","27693688517626266369860510133124460963","176090476711488763385348340036848785704","105097210874115201030968931282720102176","109506092116546848140280844862266618853","278947635135486117207482925906274067203","152622448139923597724939268980635293576","269533832347455700668625693233385330172","172382314362949356590961478931218939168","200049417736338416022220769925825426419","220601676738547864948911393335200914822","135822372753838651698736279719315609814","67764196123294656511842632954287022448","123826413461090793457179181757650071060","296440300852680836121190296618569415095","25766232893959406618109028141374898125","255622610196879653642767521719973436647","236050267629211613586286545054645320988","157293181107485528410484623071439093702","34693002873726971528400834596352454474","82994238621821454591875713105564179566","289055332010466994089152306424151463334","171103785610654647080351401498311198270"]},"id":"ASB-A-204906124-2a075328"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4","target":{"file":"core/java/android/view/inputmethod/InputMethodManager.java"},"digest":{"line_hashes":["270222689777365805363207989524173784978","195146663012422112579192413816154846474","316886284012679230425127390107942420401","24975671687396821748941627819348888413"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","id":"ASB-A-204906124-2d3567c6"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4","target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java"},"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["83974276084259880562610389509029730017","125600956322375750975868450054034445465","12887350709039265853477061114851467024","159085779451838875417834664242111228145"]},"id":"ASB-A-204906124-387744aa"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java","function":"getInputMethodWindowVisibleHeight"},"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"193625215747254807880250643431487542195","length":88},"id":"ASB-A-204906124-7e3dd484"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4","digest":{"function_hash":"64625478051987566817408411198218418000","length":48},"target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java","function":"getInputMethodWindowVisibleHeight"},"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"ASB-A-204906124-d1f968be"}],"spl":"2022-10-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-204906124.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"digest":{"function_hash":"10439773466687355960683199401379014497","length":1109},"deprecated":false,"target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java","function":"showSoftInput"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a","signature_version":"v1","signature_type":"Function","id":"ASB-A-204906124-0c81f782"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a","digest":{"function_hash":"64625478051987566817408411198218418000","length":48},"target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java","function":"getInputMethodWindowVisibleHeight"},"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"ASB-A-204906124-1aeade69"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java"},"signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["199820981071277627854459264243556768258","299831826081120042736315337404127059888","27049697355188242707229328820035351393","98165448008069486553612194003140525962","164155130913160312493609904190641569509","102138500376196793242218171660316251558","323535884742121396966749458431604532868","178736369597720752727892766579745107237","104263978470508955145207475929234520053","27693688517626266369860510133124460963","176090476711488763385348340036848785704","105097210874115201030968931282720102176","109506092116546848140280844862266618853","278947635135486117207482925906274067203","152622448139923597724939268980635293576","269533832347455700668625693233385330172","172382314362949356590961478931218939168","200049417736338416022220769925825426419","220601676738547864948911393335200914822","135822372753838651698736279719315609814","67764196123294656511842632954287022448","123826413461090793457179181757650071060","296440300852680836121190296618569415095","25766232893959406618109028141374898125","255622610196879653642767521719973436647","236050267629211613586286545054645320988","157293181107485528410484623071439093702","34693002873726971528400834596352454474","82994238621821454591875713105564179566","289055332010466994089152306424151463334","171103785610654647080351401498311198270"],"threshold":0.9},"id":"ASB-A-204906124-4214bb77"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a","digest":{"line_hashes":["83974276084259880562610389509029730017","125600956322375750975868450054034445465","12887350709039265853477061114851467024","159085779451838875417834664242111228145"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java"},"deprecated":false,"signature_version":"v1","signature_type":"Line","id":"ASB-A-204906124-7fd8f437"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a","target":{"file":"core/java/android/view/inputmethod/InputMethodManager.java"},"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["270222689777365805363207989524173784978","195146663012422112579192413816154846474","316886284012679230425127390107942420401","24975671687396821748941627819348888413"]},"id":"ASB-A-204906124-bb3713cf"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a","target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java","function":"getInputMethodWindowVisibleHeight"},"digest":{"function_hash":"193625215747254807880250643431487542195","length":88},"signature_version":"v1","signature_type":"Function","id":"ASB-A-204906124-efc38bc3"}],"spl":"2022-10-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-204906124.json"}}],"schema_version":"1.7.5"}