{"id":"ASB-A-212467440","details":"In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-212467440","CVE-2022-20116"],"modified":"2026-07-02T16:52:13.655137360Z","published":"2022-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/35998a72b71c1c18a77815e40a6b08bd9e93c97b"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-05-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-05-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/b029b005d8d4122d29cffc86b752fce13b1d4da6"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-212467440.json"}}],"schema_version":"1.7.5"}