{"id":"ASB-A-221855295","details":"In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-221855295","CVE-2022-20395"],"modified":"2026-04-20T15:37:26.169566Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9b7b8bd674491ce499d76b52cd2209d7db261ea0"}],"affected":[{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2022-09-01"}]}],"versions":["13-next"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b"],"vanir_signatures":[{"id":"ASB-A-221855295-1d378eec","target":{"file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["83227273977673201952415963432411165056","240530743924061286780788861302376556044","6043250738476881819042753626898801111","35809543942109625896991360514551123473"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b","signature_type":"Line","deprecated":false},{"id":"ASB-A-221855295-338cde89","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["251272552318062483375803532600811265251","109158918448858443125635452458075127604","138587773904233750919147985483441127650","195309320759852002081564118618854052551","245237118464282618670486643864373561354","239923988918611491819555322259343837757","334522434390633449750374019879302161059","284145369461894307536698195442534463170","156136969244990530431219627204875887987","289313048140665975705991099574537254387","5685128272666654397818596601519487550"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b","signature_type":"Line","deprecated":false},{"id":"ASB-A-221855295-7dd2cf8b","target":{"function":"computeDataFromValues","file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"function_hash":"204881092998669550345217478148577572159","length":1112},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b","signature_type":"Function","deprecated":false},{"id":"ASB-A-221855295-c190036a","target":{"function":"deleteIfAllowed","file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"function_hash":"149005686500020152072408424580414043116","length":269},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b","signature_type":"Function","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221855295.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-09-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891"],"vanir_signatures":[{"id":"ASB-A-221855295-5f90af00","target":{"file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["83227273977673201952415963432411165056","240530743924061286780788861302376556044","6043250738476881819042753626898801111","35809543942109625896991360514551123473"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891","signature_type":"Line","deprecated":false},{"id":"ASB-A-221855295-7b835316","target":{"function":"deleteIfAllowed","file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"function_hash":"149005686500020152072408424580414043116","length":269},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891","signature_type":"Function","deprecated":false},{"id":"ASB-A-221855295-8289a86f","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["239923988918611491819555322259343837757","334522434390633449750374019879302161059","284145369461894307536698195442534463170","156136969244990530431219627204875887987","289313048140665975705991099574537254387","5685128272666654397818596601519487550"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891","signature_type":"Line","deprecated":false},{"id":"ASB-A-221855295-9ddcd1ca","target":{"function":"computeDataFromValues","file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"function_hash":"183975693316331404397545371747082956439","length":968},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891","signature_type":"Function","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221855295.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-09-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb"],"vanir_signatures":[{"id":"ASB-A-221855295-1df96ee3","target":{"function":"computeDataFromValues","file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"function_hash":"204881092998669550345217478148577572159","length":1112},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb","signature_type":"Function","deprecated":false},{"id":"ASB-A-221855295-5433c79b","target":{"file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["83227273977673201952415963432411165056","240530743924061286780788861302376556044","6043250738476881819042753626898801111","35809543942109625896991360514551123473"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb","signature_type":"Line","deprecated":false},{"id":"ASB-A-221855295-821778be","target":{"function":"deleteIfAllowed","file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"function_hash":"149005686500020152072408424580414043116","length":269},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb","signature_type":"Function","deprecated":false},{"id":"ASB-A-221855295-c1e1e590","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["251272552318062483375803532600811265251","109158918448858443125635452458075127604","138587773904233750919147985483441127650","195309320759852002081564118618854052551","245237118464282618670486643864373561354","239923988918611491819555322259343837757","334522434390633449750374019879302161059","284145369461894307536698195442534463170","156136969244990530431219627204875887987","289313048140665975705991099574537254387","5685128272666654397818596601519487550"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb","signature_type":"Line","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221855295.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da"],"vanir_signatures":[{"id":"ASB-A-221855295-144cb072","target":{"function":"computeDataFromValues","file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"function_hash":"204881092998669550345217478148577572159","length":1112},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da","signature_type":"Function","deprecated":false},{"id":"ASB-A-221855295-b3fb6e59","target":{"file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["83227273977673201952415963432411165056","240530743924061286780788861302376556044","6043250738476881819042753626898801111","35809543942109625896991360514551123473"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da","signature_type":"Line","deprecated":false},{"id":"ASB-A-221855295-ca99e207","target":{"function":"deleteIfAllowed","file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"function_hash":"149005686500020152072408424580414043116","length":269},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da","signature_type":"Function","deprecated":false},{"id":"ASB-A-221855295-f1a102ef","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["251272552318062483375803532600811265251","109158918448858443125635452458075127604","138587773904233750919147985483441127650","195309320759852002081564118618854052551","245237118464282618670486643864373561354","239923988918611491819555322259343837757","334522434390633449750374019879302161059","284145369461894307536698195442534463170","156136969244990530431219627204875887987","289313048140665975705991099574537254387","5685128272666654397818596601519487550"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da","signature_type":"Line","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221855295.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-09-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180"],"vanir_signatures":[{"id":"ASB-A-221855295-06b0d5ac","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["251272552318062483375803532600811265251","109158918448858443125635452458075127604","138587773904233750919147985483441127650","195309320759852002081564118618854052551","245237118464282618670486643864373561354","239923988918611491819555322259343837757","334522434390633449750374019879302161059","284145369461894307536698195442534463170","156136969244990530431219627204875887987","289313048140665975705991099574537254387","5685128272666654397818596601519487550"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180","signature_type":"Line","deprecated":false},{"id":"ASB-A-221855295-a1dd0b6b","target":{"function":"deleteIfAllowed","file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"function_hash":"149005686500020152072408424580414043116","length":269},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180","signature_type":"Function","deprecated":false},{"id":"ASB-A-221855295-ba14e614","target":{"file":"src/com/android/providers/media/MediaProvider.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["83227273977673201952415963432411165056","240530743924061286780788861302376556044","6043250738476881819042753626898801111","35809543942109625896991360514551123473"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180","signature_type":"Line","deprecated":false},{"id":"ASB-A-221855295-e1a0f3c0","target":{"function":"computeDataFromValues","file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","digest":{"function_hash":"204881092998669550345217478148577572159","length":1112},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180","signature_type":"Function","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221855295.json"}}],"schema_version":"1.7.5"}