{"id":"ASB-A-208279300","details":"In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-208279300","CVE-2022-20197","PUB-A-208279300"],"modified":"2026-04-13T15:04:09.269232Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2022-09-01"}]}],"versions":["13-next"],"ecosystem_specific":{"spl":"2022-09-01","vanir_signatures":[{"target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-7b603131","deprecated":false,"digest":{"function_hash":"295972483992823207807516585320029458283","length":407},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"},{"target":{"file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-aca52d55","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["316753909301305578740771338963451125640","86906117398184293737935705669161310446","289190745808397464931819942032085311598","134496265879813177300596224622561904500"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"],"types":["EoP"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-208279300.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-09-01"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2022-09-01","vanir_signatures":[{"target":{"file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-3c72f1f6","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["190755855770731689962267435101096468959","86906117398184293737935705669161310446","212459028660422030325060857746225986007","181767102729186952030736973014346787129"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"},{"target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-d26c01b1","deprecated":false,"digest":{"function_hash":"112903846374738674508434243132211659513","length":331},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"],"types":["EoP"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-208279300.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-09-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-09-01","vanir_signatures":[{"target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-7fb5111a","deprecated":false,"digest":{"function_hash":"112903846374738674508434243132211659513","length":331},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"},{"target":{"file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-f0771b2f","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["190755855770731689962267435101096468959","86906117398184293737935705669161310446","212459028660422030325060857746225986007","181767102729186952030736973014346787129"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"],"types":["EoP"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-208279300.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-09-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-09-01","vanir_signatures":[{"target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-2231feec","deprecated":false,"digest":{"function_hash":"112903846374738674508434243132211659513","length":331},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"},{"target":{"file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-dccf1c9b","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["190755855770731689962267435101096468959","86906117398184293737935705669161310446","212459028660422030325060857746225986007","181767102729186952030736973014346787129"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b5c79e141a81fa86fc834980d46886ac3c86ab11"],"types":["EoP"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-208279300.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-09-01","vanir_signatures":[{"target":{"file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-3833ed4d","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["271829008703992931818398218078023132919","86906117398184293737935705669161310446","289190745808397464931819942032085311598","134496265879813177300596224622561904500"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd"},{"target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"id":"ASB-A-208279300-78d30772","deprecated":false,"digest":{"function_hash":"295972483992823207807516585320029458283","length":407},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd"],"types":["EoP"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-208279300.json"}}],"schema_version":"1.7.5"}