{"id":"ASB-A-238377411","details":"In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-238377411","CVE-2022-20420"],"modified":"2026-04-30T15:48:46.890647Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/95e7a3ee33d3665ec46570dd0b1a6db614384570"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-10-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-10-01","severity":"High","vanir_signatures":[{"digest":{"length":2215,"function_hash":"81851832787058760284793457627546280792"},"signature_type":"Function","signature_version":"v1","target":{"function":"getBackgroundRestrictionExemptionReason","file":"services/core/java/com/android/server/am/AppRestrictionController.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0","deprecated":false,"id":"ASB-A-238377411-00e006fe"},{"digest":{"threshold":0.9,"line_hashes":["338084814463838692865463276062272481269","204095983282894935881441189197943072724","111208491350462862960277179470679895697","163064010969996349495530247851842396655","16839510854669803563955315361634610793","1786610215237782535962533169394715750","334398862494929584959105449151793775680","330533647503340784153069115043786205902","143485974629224183528668425378540623940","26926396955253309710027627514622503319","273745746621807355187035804840176057909","305889137737588596988465704815320506336","134194250848175375095003306340074806879","194957543535939216182745666166217578049","26422771808357216473777961746329713413","265669218276827631057056749515506381182","76606515071439434307528638013225843903","288517370563388251142327358930969033659","130344593426080827019006436581711947077","186682583954881249989830317938655312716","225415400739484179376797177558147078077","51695108914376855781955835012299425394","150871703979736768091563171795087467328","191061473204025477134646219421376372468","21290638900906506377241001768891280698","186369197693698899165612098672542311067","574410352114663538138448114640889277","114051027259629430124426829744691013693","283453390914155909792195628521054937976","243016695195401865758899327290423773863","235135641989946274393347545803689135166","52733613119433308264821384417685192222","119872224072732039667693289869059257275","95863338367342909469211096695945675284"]},"signature_type":"Line","signature_version":"v1","target":{"file":"services/core/java/com/android/server/am/AppRestrictionController.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0","deprecated":false,"id":"ASB-A-238377411-9a5ec86e"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-238377411.json"}}],"schema_version":"1.7.5"}