{"id":"ASB-A-234440688","details":"In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-234440688","CVE-2022-20396"],"modified":"2026-04-21T15:25:42.831358Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef068117d15802595a558281c1d1efe3d62da2"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2022-09-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529"],"types":["ID"],"spl":"2022-09-01","vanir_signatures":[{"id":"ASB-A-234440688-33bca3c8","target":{"file":"src/com/android/settings/SettingsActivity.java"},"digest":{"line_hashes":["119105830887202847828743114110704015010","286762870007429537793915799176909290333","121816353728658712091538528467758640365","19592784335296858685853820961661671862","126154069818861400221276473782020961444","288159028028627004182746078235050406261","82795765862042155059755556685281178010","322506073509584080313550723877538223346","282042956962584523644695825894720196789","332099452835483432240376586532357452691","306208524907543003627718939471761560144","269463429052517483281097935448069251972","320641842633859231116508047806350815442","335871720811941217376527482591779703789","12079542513812903161692716530038858904"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"signature_version":"v1","digest":{"line_hashes":["319872827816851647717371349393416325476","212357963224754359228842325870144500604","173565680331490800229406522870336291472","296272528443733225337110380235312617072","225180191949311179386757110182805562197","132840555199023955054648506055181253157","166152938260230673924537411540086773937","217367192194101887875000122180541600025","56357263559963899663107324463737726573","136017922404587097463704754473708476142","39823467889662418534817717353275945160","267785463599647351746920985700031222482"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529","deprecated":false,"signature_type":"Line","id":"ASB-A-234440688-3b98e807","match_only_versions":["13-next"],"target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}},{"id":"ASB-A-234440688-a5cb590f","target":{"function":"tryStartTwoPaneDeepLink","file":"src/com/android/settings/SettingsActivity.java"},"digest":{"function_hash":"266266937796773839997333389235888809265","length":909},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"signature_version":"v1","digest":{"function_hash":"19204995285806054054315280470773614748","length":813},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529","deprecated":false,"signature_type":"Function","id":"ASB-A-234440688-e2f8dedd","match_only_versions":["13-next"],"target":{"function":"onAttach","file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-234440688.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1"],"types":["ID"],"spl":"2022-09-01","vanir_signatures":[{"id":"ASB-A-234440688-06e4363a","target":{"function":"launchHomepageForTwoPaneDeepLink","file":"src/com/android/settings/SettingsActivity.java"},"digest":{"function_hash":"7323693548425725269011574414207102258","length":438},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-234440688-168c6e3c","target":{"file":"src/com/android/settings/SettingsActivity.java"},"digest":{"line_hashes":["114589388220254390488480222799855039727","31934974028308334941258602697830233193","121816353728658712091538528467758640365","19592784335296858685853820961661671862","145989860462962721831415883853515642395","143692941758530183061451282460626029231","283885755928999029809470670335834163893","293438345841106787427840363580600929061","70747576966754742677289661698728526590","264939523191001103361048828542538674309","177796233075612688915900478785486463417","320641842633859231116508047806350815442","335871720811941217376527482591779703789","12079542513812903161692716530038858904"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"signature_version":"v1","digest":{"function_hash":"19204995285806054054315280470773614748","length":813},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1","deprecated":false,"signature_type":"Function","id":"ASB-A-234440688-22f3aa76","match_only_versions":["12L"],"target":{"function":"onAttach","file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}},{"signature_version":"v1","digest":{"line_hashes":["319872827816851647717371349393416325476","212357963224754359228842325870144500604","173565680331490800229406522870336291472","296272528443733225337110380235312617072","225180191949311179386757110182805562197","132840555199023955054648506055181253157","166152938260230673924537411540086773937","217367192194101887875000122180541600025","56357263559963899663107324463737726573","136017922404587097463704754473708476142","39823467889662418534817717353275945160","267785463599647351746920985700031222482"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1","deprecated":false,"signature_type":"Line","id":"ASB-A-234440688-3573e760","match_only_versions":["12L"],"target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-234440688.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-09-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4"],"types":["ID"],"spl":"2022-09-01","vanir_signatures":[{"id":"ASB-A-234440688-ac62c467","target":{"file":"src/com/android/settings/SettingsActivity.java"},"digest":{"line_hashes":["119105830887202847828743114110704015010","286762870007429537793915799176909290333","121816353728658712091538528467758640365","19592784335296858685853820961661671862","126154069818861400221276473782020961444","288159028028627004182746078235050406261","82795765862042155059755556685281178010","322506073509584080313550723877538223346","282042956962584523644695825894720196789","332099452835483432240376586532357452691","306208524907543003627718939471761560144","269463429052517483281097935448069251972","320641842633859231116508047806350815442","335871720811941217376527482591779703789","12079542513812903161692716530038858904"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"signature_version":"v1","digest":{"line_hashes":["319872827816851647717371349393416325476","212357963224754359228842325870144500604","173565680331490800229406522870336291472","296272528443733225337110380235312617072","225180191949311179386757110182805562197","132840555199023955054648506055181253157","166152938260230673924537411540086773937","217367192194101887875000122180541600025","56357263559963899663107324463737726573","136017922404587097463704754473708476142","39823467889662418534817717353275945160","267785463599647351746920985700031222482"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4","deprecated":false,"signature_type":"Line","id":"ASB-A-234440688-d5dbe343","match_only_versions":["13"],"target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}},{"signature_version":"v1","digest":{"function_hash":"19204995285806054054315280470773614748","length":813},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4","deprecated":false,"signature_type":"Function","id":"ASB-A-234440688-e1c2253d","match_only_versions":["13"],"target":{"function":"onAttach","file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}},{"id":"ASB-A-234440688-e55716b6","target":{"function":"tryStartTwoPaneDeepLink","file":"src/com/android/settings/SettingsActivity.java"},"digest":{"function_hash":"266266937796773839997333389235888809265","length":909},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4","deprecated":false,"signature_version":"v1","signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-234440688.json"}}],"schema_version":"1.7.5"}