{"id":"ASB-A-240138318","details":"In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-240138318","CVE-2022-20452"],"modified":"2026-05-01T15:24:27.653932Z","published":"2022-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/a0d9fc3b28f5b8113c90b43997d6c0151cfcb052"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-11-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2022-11-01","severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d2f9cc6342141cdb39f08a229d548d7b29cadd86"],"vanir_signatures":[{"target":{"function":"readFromParcelInner","file":"core/java/android/os/BaseBundle.java"},"digest":{"length":1165,"function_hash":"294971560677991495915799033849809071282"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d2f9cc6342141cdb39f08a229d548d7b29cadd86","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-240138318-44ad39a0"},{"target":{"function":"initializeFromParcelLocked","file":"core/java/android/os/BaseBundle.java"},"digest":{"length":1322,"function_hash":"41618496558948515551579002358314189668"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d2f9cc6342141cdb39f08a229d548d7b29cadd86","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-240138318-95c0bcd0"},{"target":{"file":"core/java/android/os/BaseBundle.java"},"digest":{"line_hashes":["205790670589368183264439125641744582550","82884370948115524344035054150705602570","216041608029756959842858753474917685482","15162155614541361053556508522685827566","198194646825072841361354763240243703190","114445111499470849178140761363641537159","285987342404552339375316945596200232299","239707072679711863341443365323514481892","26662991357027715929291080339741001944","38157301873194198109658333375534443531"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/d2f9cc6342141cdb39f08a229d548d7b29cadd86","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-240138318-b61c4053"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240138318.json"}}],"schema_version":"1.7.5"}