{"id":"ASB-A-240936919","details":"In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-240936919","CVE-2022-20476"],"modified":"2026-05-01T15:24:27.653932Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/5a173bdc48963471aa93e3fd0e82c8632f45c1e5"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-12-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4d13148a3fa5f6bc1b7038fae7d1f1adda163a9f"],"types":["DoS"],"vanir_signatures":[{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"digest":{"line_hashes":["284205798504809724784272224468699701410","20350704382956903800339279784632990206","146345732816756121422852719691095437450","184278885357330085159587899033234060087"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/4d13148a3fa5f6bc1b7038fae7d1f1adda163a9f","signature_version":"v1","id":"ASB-A-240936919-6e964bac","deprecated":false},{"signature_type":"Function","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java","function":"setEnabledSetting"},"digest":{"length":5168,"function_hash":"252294874066412869649201823923762930482"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4d13148a3fa5f6bc1b7038fae7d1f1adda163a9f","signature_version":"v1","id":"ASB-A-240936919-788b41ec","deprecated":false}],"spl":"2022-12-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240936919.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-12-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5e98f267592775a2b886ccaa752377d6967f9741"],"types":["DoS"],"vanir_signatures":[{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"digest":{"line_hashes":["284205798504809724784272224468699701410","20350704382956903800339279784632990206","146345732816756121422852719691095437450","184278885357330085159587899033234060087"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/5e98f267592775a2b886ccaa752377d6967f9741","signature_version":"v1","id":"ASB-A-240936919-b404943f","deprecated":false},{"signature_type":"Function","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java","function":"setEnabledSetting"},"digest":{"length":5491,"function_hash":"174031766736513151646990418150496716107"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5e98f267592775a2b886ccaa752377d6967f9741","signature_version":"v1","id":"ASB-A-240936919-d913e6ba","deprecated":false}],"spl":"2022-12-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240936919.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-12-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/24473590373902db492de502c7c557ef5ead485f"],"types":["DoS"],"vanir_signatures":[{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"digest":{"line_hashes":["284205798504809724784272224468699701410","20350704382956903800339279784632990206","146345732816756121422852719691095437450","184278885357330085159587899033234060087"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/24473590373902db492de502c7c557ef5ead485f","signature_version":"v1","id":"ASB-A-240936919-d263f746","deprecated":false},{"signature_type":"Function","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java","function":"setEnabledSetting"},"digest":{"length":5544,"function_hash":"79190887609884969770196094422135686638"},"source":"https://android.googlesource.com/platform/frameworks/base/+/24473590373902db492de502c7c557ef5ead485f","signature_version":"v1","id":"ASB-A-240936919-dc9c9b2f","deprecated":false}],"spl":"2022-12-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240936919.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/006bb7107e7a88df7dfb6049f97bae57ac78b364"],"types":["DoS"],"vanir_signatures":[{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"digest":{"line_hashes":["284205798504809724784272224468699701410","20350704382956903800339279784632990206","146345732816756121422852719691095437450","184278885357330085159587899033234060087"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/006bb7107e7a88df7dfb6049f97bae57ac78b364","signature_version":"v1","id":"ASB-A-240936919-08a9bc01","deprecated":false},{"signature_type":"Function","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java","function":"setEnabledSetting"},"digest":{"length":5544,"function_hash":"79190887609884969770196094422135686638"},"source":"https://android.googlesource.com/platform/frameworks/base/+/006bb7107e7a88df7dfb6049f97bae57ac78b364","signature_version":"v1","id":"ASB-A-240936919-32904867","deprecated":false}],"spl":"2022-12-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240936919.json"}}],"schema_version":"1.7.5"}