{"id":"ASB-A-228450811","details":"In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-228450811","CVE-2022-20347"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/01b6a6222e5e8cf59e317f4f52df71308bfb8bc5"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/205752dcf2062eb3deeb7f3b7d1eb8af7d8b2634"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-08-01"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2022-08-01","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/06139d3ffc37cb4b7974f95ccf08512c6fcad26d","target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java","function":"onAttach"},"id":"ASB-A-228450811-34934f0e","digest":{"length":856,"function_hash":"13919919985601905534216584854032341268"}},{"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/06139d3ffc37cb4b7974f95ccf08512c6fcad26d","target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"},"id":"ASB-A-228450811-7a20190f","digest":{"line_hashes":["54217086981814180212189485121760539851","261739059670434564785450967806299967903","41067553375884720821611857407055261273","137837912929574767692735686410794945957","56357263559963899663107324463737726573","9114155055727489661803632310053793189","94018531324307120263608100370258872334","6514451304108629292662999225639745043","135791731730466980643930382946287805964","234462997388563845605361232523379613206","274445856122569385262686860387721320635","331372866387346569117615521148814378898","322746544384854418103538752332004024739","221639065747129932344001369290868713095","248215125813645792421551754924777187308","285427982986700501602679183363004467168"],"threshold":0.9}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/06139d3ffc37cb4b7974f95ccf08512c6fcad26d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-228450811.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-08-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-08-01","vanir_signatures":[{"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/c44b6fed73668dcdee066ea125e93e48dc31d3ee","target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"},"id":"ASB-A-228450811-7f33b989","digest":{"line_hashes":["54217086981814180212189485121760539851","261739059670434564785450967806299967903","41067553375884720821611857407055261273","137837912929574767692735686410794945957","56357263559963899663107324463737726573","9114155055727489661803632310053793189","94018531324307120263608100370258872334","6514451304108629292662999225639745043","135791731730466980643930382946287805964","234462997388563845605361232523379613206","274445856122569385262686860387721320635","331372866387346569117615521148814378898","322746544384854418103538752332004024739","221639065747129932344001369290868713095","142489513983106137869263719183573711648","124324795784551632906599239120494070203"],"threshold":0.9}},{"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/c44b6fed73668dcdee066ea125e93e48dc31d3ee","target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java","function":"onAttach"},"id":"ASB-A-228450811-a5e9cd84","digest":{"length":807,"function_hash":"143352052092941315242526665037436373403"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/c44b6fed73668dcdee066ea125e93e48dc31d3ee"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-228450811.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-08-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-08-01","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/1c4142e1aea6236b8058377ecdc9d0575fca68ee","target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java","function":"onAttach"},"id":"ASB-A-228450811-5bcd8c13","digest":{"length":807,"function_hash":"143352052092941315242526665037436373403"}},{"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/1c4142e1aea6236b8058377ecdc9d0575fca68ee","target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"},"id":"ASB-A-228450811-73cbe7bc","digest":{"line_hashes":["54217086981814180212189485121760539851","261739059670434564785450967806299967903","41067553375884720821611857407055261273","137837912929574767692735686410794945957","56357263559963899663107324463737726573","9114155055727489661803632310053793189","94018531324307120263608100370258872334","6514451304108629292662999225639745043","135791731730466980643930382946287805964","234462997388563845605361232523379613206","274445856122569385262686860387721320635","331372866387346569117615521148814378898","322746544384854418103538752332004024739","221639065747129932344001369290868713095","142489513983106137869263719183573711648","124324795784551632906599239120494070203"],"threshold":0.9}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/1c4142e1aea6236b8058377ecdc9d0575fca68ee"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-228450811.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-08-01","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8bae22248940fe0549c7e6cfab07948f1e4f6b37","target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java","function":"onAttach"},"id":"ASB-A-228450811-146850ef","digest":{"length":807,"function_hash":"143352052092941315242526665037436373403"}},{"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8bae22248940fe0549c7e6cfab07948f1e4f6b37","target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"},"id":"ASB-A-228450811-83067314","digest":{"line_hashes":["54217086981814180212189485121760539851","261739059670434564785450967806299967903","41067553375884720821611857407055261273","137837912929574767692735686410794945957","56357263559963899663107324463737726573","9114155055727489661803632310053793189","94018531324307120263608100370258872334","6514451304108629292662999225639745043","135791731730466980643930382946287805964","234462997388563845605361232523379613206","274445856122569385262686860387721320635","331372866387346569117615521148814378898","322746544384854418103538752332004024739","221639065747129932344001369290868713095","142489513983106137869263719183573711648","124324795784551632906599239120494070203"],"threshold":0.9}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/8bae22248940fe0549c7e6cfab07948f1e4f6b37"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-228450811.json"}}],"schema_version":"1.7.5"}