{"id":"ASB-A-219044664","details":"In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-219044664","CVE-2022-20005"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2022-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/5df6c3f7099d3d2e237f54c41692bdef5f090d45"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-05-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2"],"spl":"2022-05-01","vanir_signatures":[{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2","id":"ASB-A-219044664-1a69041b","digest":{"function_hash":"231990516022432859515481353455776451874","length":6954},"deprecated":false,"target":{"function":"validateApkInstallLocked","file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"}},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["180540424809410108203819155674178703077","310192941804949544849809573407891877990","119835757437939988808744406930910971941","70541103374231375402887502243412630152","33594561195262327339142717655851560430","155927009038804990930832153736923090981","250405756640230757845653727125355385240","203884490892640686155713902095510326404","99683244548145421579673942579196578890","240835686705695241023296524170794580937","250527447965076997283029578436906981614","117468068627482448288391961128067969669"]},"source":"https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2","id":"ASB-A-219044664-837b635c","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"},"signature_version":"v1"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-219044664.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-05-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096"],"spl":"2022-05-01","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096","id":"ASB-A-219044664-8b7c1747","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["180540424809410108203819155674178703077","310192941804949544849809573407891877990","119835757437939988808744406930910971941","70541103374231375402887502243412630152","33594561195262327339142717655851560430","155927009038804990930832153736923090981","250405756640230757845653727125355385240","203884490892640686155713902095510326404","99683244548145421579673942579196578890","30731540922810736168728098478051819998","234229738927911877615018910976101797115","247795310976460709509992912805621675362"]}},{"target":{"function":"validateApkInstallLocked","file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096","id":"ASB-A-219044664-f8cfcde2","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"182370216373814584356638447485313003128","length":7728}}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-219044664.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-05-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824"],"spl":"2022-05-01","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["126649318037345343753490697120452954107","194773562856015092151238496551787168544","232480445117399624084228075804858210752","70541103374231375402887502243412630152","171320219436343288127093230170613975268","241106788494647486170183478616371241689","286485087625539031559168727923564794757","119023713081308280265343167240695200326","99683244548145421579673942579196578890","30731540922810736168728098478051819998","234229738927911877615018910976101797115","247795310976460709509992912805621675362"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824","id":"ASB-A-219044664-71a43813","target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"},"signature_version":"v1","signature_type":"Line"},{"digest":{"function_hash":"208139483470825842445175165543268099324","length":8530},"deprecated":false,"target":{"function":"validateApkInstallLocked","file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"},"id":"ASB-A-219044664-81a2541b","source":"https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824","signature_version":"v1","signature_type":"Function"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-219044664.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498"],"severity":"High","spl":"2022-05-01","vanir_signatures":[{"digest":{"function_hash":"208139483470825842445175165543268099324","length":8530},"deprecated":false,"target":{"function":"validateApkInstallLocked","file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"},"id":"ASB-A-219044664-5262c664","source":"https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498","signature_version":"v1","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["126649318037345343753490697120452954107","194773562856015092151238496551787168544","232480445117399624084228075804858210752","70541103374231375402887502243412630152","171320219436343288127093230170613975268","241106788494647486170183478616371241689","286485087625539031559168727923564794757","119023713081308280265343167240695200326","99683244548145421579673942579196578890","30731540922810736168728098478051819998","234229738927911877615018910976101797115","247795310976460709509992912805621675362"]},"deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"},"id":"ASB-A-219044664-967ee436","source":"https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498","signature_version":"v1","signature_type":"Line"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-219044664.json"}}],"schema_version":"1.7.5"}