{"id":"ASB-A-211114016","details":"In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-211114016","CVE-2022-20114"],"modified":"2026-04-22T14:59:17.843400Z","published":"2022-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a2f52c2d771e0acea6bb27fdbe6dae2b37f2df04"}],"affected":[{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-05-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["EoP"],"severity":"High","vanir_signatures":[{"id":"ASB-A-211114016-b64503ac","source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["334496569029378158376356602430577385004","252726610288078477854267985688164103893","99122195730393576727765743222189936483","64610678140713121228375934500771637601","260578530871624581937041925452600512534","337730256662846322698942553963496997145","287604523731226794206619313113865311357","138061007320226678190819222677152281196"]},"deprecated":false,"target":{"file":"src/com/android/server/telecom/ServiceBinder.java"}},{"id":"ASB-A-211114016-ce35ce40","source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94","signature_type":"Function","signature_version":"v1","digest":{"length":788,"function_hash":"66878516958988472003176680037762736593"},"deprecated":false,"target":{"function":"onServiceConnected","file":"src/com/android/server/telecom/ServiceBinder.java"}}],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94"],"spl":"2022-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-211114016.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-05-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["EoP"],"severity":"High","vanir_signatures":[{"id":"ASB-A-211114016-0fca5e6c","source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94","signature_type":"Function","signature_version":"v1","digest":{"length":788,"function_hash":"66878516958988472003176680037762736593"},"deprecated":false,"target":{"function":"onServiceConnected","file":"src/com/android/server/telecom/ServiceBinder.java"}},{"id":"ASB-A-211114016-c850c20a","source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["334496569029378158376356602430577385004","252726610288078477854267985688164103893","99122195730393576727765743222189936483","64610678140713121228375934500771637601","260578530871624581937041925452600512534","337730256662846322698942553963496997145","287604523731226794206619313113865311357","138061007320226678190819222677152281196"]},"deprecated":false,"target":{"file":"src/com/android/server/telecom/ServiceBinder.java"}}],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94"],"spl":"2022-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-211114016.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-05-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"severity":"High","vanir_signatures":[{"id":"ASB-A-211114016-7ebc83f5","source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["334496569029378158376356602430577385004","252726610288078477854267985688164103893","99122195730393576727765743222189936483","64610678140713121228375934500771637601","260578530871624581937041925452600512534","337730256662846322698942553963496997145","287604523731226794206619313113865311357","138061007320226678190819222677152281196"]},"deprecated":false,"target":{"file":"src/com/android/server/telecom/ServiceBinder.java"}},{"id":"ASB-A-211114016-d4ce3872","source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94","signature_type":"Function","signature_version":"v1","digest":{"length":788,"function_hash":"66878516958988472003176680037762736593"},"deprecated":false,"target":{"function":"onServiceConnected","file":"src/com/android/server/telecom/ServiceBinder.java"}}],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94"],"spl":"2022-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-211114016.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["EoP"],"severity":"High","vanir_signatures":[{"id":"ASB-A-211114016-aaea40d9","source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94","signature_type":"Function","signature_version":"v1","digest":{"length":788,"function_hash":"66878516958988472003176680037762736593"},"deprecated":false,"target":{"function":"onServiceConnected","file":"src/com/android/server/telecom/ServiceBinder.java"}},{"id":"ASB-A-211114016-bd312533","source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["334496569029378158376356602430577385004","252726610288078477854267985688164103893","99122195730393576727765743222189936483","64610678140713121228375934500771637601","260578530871624581937041925452600512534","337730256662846322698942553963496997145","287604523731226794206619313113865311357","138061007320226678190819222677152281196"]},"deprecated":false,"target":{"file":"src/com/android/server/telecom/ServiceBinder.java"}}],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94"],"spl":"2022-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-211114016.json"}}],"schema_version":"1.7.5"}