{"id":"ASB-A-237290578","details":"In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-237290578","CVE-2022-20419"],"modified":"2026-05-01T15:24:27.653932Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/e5dd8be748c76c11615050c610dfc1fae73ad4a4"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c"],"severity":"Critical","vanir_signatures":[{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c","digest":{"length":216,"function_hash":"205398171342732717523701527669719181976"},"match_only_versions":["12L"],"target":{"function":"takeOptions","file":"services/core/java/com/android/server/wm/ActivityRecord.java"},"id":"ASB-A-237290578-4bb14851","deprecated":false},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["141409068137822364776637404179214809909","141646122292666747827102773057754006353","115214146352062741294180703043020714224"]},"signature_type":"Line","target":{"file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c","id":"ASB-A-237290578-5662a94a","deprecated":false},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["123932784371985051459924424380706729449","197535680874352624395498706667897197889","238119913619143259649442240135204435966","8093508599898817594190718849734633838","144138795246327357023218240210182545717","272064731781995071156461217388638949151"]},"signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/ActivityRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c","id":"ASB-A-237290578-932d0bef","deprecated":false}],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237290578.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-10-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c"],"severity":"Critical","vanir_signatures":[{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c","digest":{"length":216,"function_hash":"205398171342732717523701527669719181976"},"match_only_versions":["13"],"target":{"function":"takeOptions","file":"services/core/java/com/android/server/wm/ActivityRecord.java"},"id":"ASB-A-237290578-a2a9c6a1","deprecated":false},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["141409068137822364776637404179214809909","141646122292666747827102773057754006353","115214146352062741294180703043020714224"]},"signature_type":"Line","target":{"file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c","id":"ASB-A-237290578-b9a6b660","deprecated":false},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["123932784371985051459924424380706729449","197535680874352624395498706667897197889","238119913619143259649442240135204435966","8093508599898817594190718849734633838","144138795246327357023218240210182545717","272064731781995071156461217388638949151"]},"signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/ActivityRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c","id":"ASB-A-237290578-d9d373b9","deprecated":false}],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237290578.json"}}],"schema_version":"1.7.5"}