{"id":"ASB-A-209438553","details":"In finishLsImpl of file_sync_client.cpp, there is a possible way to access host's files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-209438553","CVE-2022-20128"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2022-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-06-01"}],"affected":[{"package":{"name":"platform/packages/modules/adb","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L-next:0"},{"fixed":"12L-next:2022-06-01"}]}],"versions":["12L-next"],"ecosystem_specific":{"severity":"High","types":["EoP"],"spl":"2022-06-01","fixes":["https://android.googlesource.com/platform/packages/modules/adb/+/f37fe345c4228613b469c60c38f20a70f872f5ee"],"vanir_signatures":[{"signature_type":"Line","id":"ASB-A-209438553-21862090","target":{"file":"client/file_sync_client.cpp"},"digest":{"line_hashes":["43519373372291504482562303623277054671","42513674874629715087525008961002588244","84805982387859587886263524482656592733","239497260391627227463620907319770989128"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/modules/adb/+/f37fe345c4228613b469c60c38f20a70f872f5ee","deprecated":false,"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-06-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/a36a342ec9721240e5a48ca50e833b9a35bef256"],"types":["EoP"],"spl":"2022-06-01","severity":"High","vanir_signatures":[{"signature_version":"v1","signature_type":"Line","target":{"file":"adb/client/file_sync_client.cpp"},"id":"ASB-A-209438553-6c17ddca","source":"https://android.googlesource.com/platform/system/core/+/a36a342ec9721240e5a48ca50e833b9a35bef256","deprecated":false,"digest":{"line_hashes":["80711276962557826394725161866216873168","60157816196309642791138344526668250644","92840156897427934868406618536527873566"],"threshold":0.9}},{"source":"https://android.googlesource.com/platform/system/core/+/a36a342ec9721240e5a48ca50e833b9a35bef256","signature_version":"v1","target":{"function":"sync_ls","file":"adb/client/file_sync_client.cpp"},"id":"ASB-A-209438553-89adb8fb","signature_type":"Function","deprecated":false,"digest":{"function_hash":"157008758856141494333839260213242044136","length":613}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-06-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/c3483e4c8a302e7852e0a334ffa90089337520ec"],"vanir_signatures":[{"signature_type":"Line","id":"ASB-A-209438553-9f313bf4","target":{"file":"adb/client/file_sync_client.cpp"},"digest":{"line_hashes":["311354455375036835439664639259146075983","320432990438448769653751063304718429671","193387877107222459009426779786812663766"],"threshold":0.9},"source":"https://android.googlesource.com/platform/system/core/+/c3483e4c8a302e7852e0a334ffa90089337520ec","deprecated":false,"signature_version":"v1"}],"spl":"2022-06-01","types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"}},{"package":{"name":"platform/packages/modules/adb","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-06-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/adb/+/b5ad48db08e2087310ffd31580020eb923fe12af"],"types":["EoP"],"spl":"2022-06-01","severity":"High","vanir_signatures":[{"signature_type":"Line","id":"ASB-A-209438553-d8133123","target":{"file":"client/file_sync_client.cpp"},"digest":{"line_hashes":["311354455375036835439664639259146075983","320432990438448769653751063304718429671","193387877107222459009426779786812663766"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/modules/adb/+/b5ad48db08e2087310ffd31580020eb923fe12af","deprecated":false,"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"}},{"package":{"name":"platform/packages/modules/adb","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/adb/+/9a5ee7d573e51f58153a857dac48eda4e285beda"],"types":["EoP"],"spl":"2022-06-01","severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/packages/modules/adb/+/9a5ee7d573e51f58153a857dac48eda4e285beda","signature_version":"v1","target":{"file":"client/file_sync_client.cpp"},"id":"ASB-A-209438553-af0223f9","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["311354455375036835439664639259146075983","320432990438448769653751063304718429671","193387877107222459009426779786812663766"],"threshold":0.9}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209438553.json"}}],"schema_version":"1.7.5"}