{"id":"ASB-A-213323615","details":"In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-213323615","CVE-2022-20392"],"modified":"2026-05-01T15:24:27.653932Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/745e31e1be11d0b2f005590c4d448a8cb9bfbe35"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2022-09-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-213323615-65bfc3f8","target":{"function":"parseBaseApkTags","file":"services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061","digest":{"length":2309,"function_hash":"222477290850616987492039786133937418277"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-213323615-865932be","target":{"file":"services/core/java/com/android/server/pm/pkg/component/ParsedPermissionUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061","digest":{"threshold":0.9,"line_hashes":["171954828546494665638449620237007476146","138230328125735189702551647118258522300","66911870150652868372762664757020976034","126544075330880814485597373368838234029","161955626396984310422053415133790104868","44224016879351917650399198346077428727","258711060345342370887990952933405685337","317197493576894256207066853499986172570","246463573195658993781943180954645172040","145317144895435869522785638478994222335","178436679841938312293330076258015284872","118113043254339526114670024925213760415","184619219455531940373010508355025659920","93343326006408052363045059849964387748","325322957684507868993071065258824276295","286047412350252109457618375108665998574"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-213323615-d81e6f7d","target":{"file":"services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061","digest":{"threshold":0.9,"line_hashes":["117734366611283682658654943499471071695","276769917539867857987563833180772071061","45281106013445078395372620220823851808","174605364919204227151076438204749758300"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-213323615-f4997800","target":{"function":"declareDuplicatePermission","file":"services/core/java/com/android/server/pm/pkg/component/ParsedPermissionUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061","digest":{"length":557,"function_hash":"112977023920727231037731816425652706666"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/45b23196772a4fe8875f2ca6514208fe368c2cd5","https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061"],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-213323615.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-09-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-213323615-825c11bd","target":{"file":"core/java/android/content/pm/PackageParser.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a","digest":{"threshold":0.9,"line_hashes":["188699400104044092819147146443519659988","293801403865878645900028306423536692043","293689986215439404709957682108036202438","85561819563484648053084880425161231140","231088565817113626913859475956546366049","127723794484949765253308390424340886076","289813876127781859409162812311882125720","277580085141545940257826528018572104067","200837008128332139592711974640783398098","255760948579642866354411139308896485145","279983292969872000786696812348496587372","111185961665560459476792883498641861581","87763767637835835745134353284850099186","7767745543790808411011488352182659809"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-213323615-f8466737","target":{"function":"parseBaseApkCommon","file":"core/java/android/content/pm/PackageParser.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a","digest":{"length":17224,"function_hash":"221683797801226663888042917378851067973"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/50d343c656921ba9c730c68b7a41de6b15f57f03","https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a"],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-213323615.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-09-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-213323615-572ab99e","target":{"file":"core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d","digest":{"threshold":0.9,"line_hashes":["305401523789499478827361557217961658045","102413550799631146447224294227010522080","87971491308847713561417604219896459843","113131329508990271118021391579675679397","179195736965089138526883985577918343094","55405762641005904618620824843357796760","92535241445486926952776061151884044920","197367873607234268646028747359521864696","337123267244188402432015517011801665134","162975221799299857987152505544839104588"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-213323615-c7f8efd9","target":{"function":"parseBaseApkTags","file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d","digest":{"length":2188,"function_hash":"280932360100611518604172093024776033945"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-213323615-fd3c0cf0","target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d","digest":{"threshold":0.9,"line_hashes":["4852701972688570944352678454668752570","249479494306241659973766196730396190843","329987915965942833107201356462141170304","33120293543104832175888766753343462142","47371257511090445633612852528199684994","28328073654286549053901239839352771712","112621608431384631126549263526452059074"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/bbe2a118277d9b225a272c53e509fdeb2fe0a993","https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d"],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-213323615.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-09-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-213323615-9bd5b0e9","target":{"file":"core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d","digest":{"threshold":0.9,"line_hashes":["238174133896978183187111184948420411824","102413550799631146447224294227010522080","87971491308847713561417604219896459843","113669925240391797581799984901176333066","194260612185699153829775252896703736038","239380133730887134163356706748051582986","66072770650890385991639424402343216567","247359269890610958875662004948764016911","337123267244188402432015517011801665134","162975221799299857987152505544839104588"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-213323615-a916a71b","target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d","digest":{"threshold":0.9,"line_hashes":["215224564606111572183109105517834768236","103717906963742723714051349868307315925","329987915965942833107201356462141170304","33120293543104832175888766753343462142","118249337739705624783597869770329249557","28328073654286549053901239839352771712","112621608431384631126549263526452059074"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-213323615-f4a8df9d","target":{"function":"parseBaseApkTags","file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d","digest":{"length":2112,"function_hash":"73688360684607996266791569226529616467"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/dfeea39dbc61ea9884e7e017335cbdf4942fa181","https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d"],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-213323615.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-213323615-1113719f","target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d","digest":{"threshold":0.9,"line_hashes":["215224564606111572183109105517834768236","103717906963742723714051349868307315925","329987915965942833107201356462141170304","33120293543104832175888766753343462142","118249337739705624783597869770329249557","28328073654286549053901239839352771712","112621608431384631126549263526452059074"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-213323615-177f36d1","target":{"file":"core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d","digest":{"threshold":0.9,"line_hashes":["238174133896978183187111184948420411824","102413550799631146447224294227010522080","87971491308847713561417604219896459843","113669925240391797581799984901176333066","194260612185699153829775252896703736038","239380133730887134163356706748051582986","66072770650890385991639424402343216567","247359269890610958875662004948764016911","337123267244188402432015517011801665134","162975221799299857987152505544839104588"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-213323615-9aa388d8","target":{"function":"parseBaseApkTags","file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d","digest":{"length":2112,"function_hash":"73688360684607996266791569226529616467"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/dfeea39dbc61ea9884e7e017335cbdf4942fa181","https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d"],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-213323615.json"}}],"schema_version":"1.7.5"}