{"id":"ASB-A-246933359","details":"In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.","aliases":["A-246933359","CVE-2022-20501"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035"}],"affected":[{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-12-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"onCreate","file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"function_hash":"154270236169330912437872144573544089928","length":245},"signature_type":"Function","id":"ASB-A-246933359-2d747a16"},{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"threshold":0.9,"line_hashes":["320289821939055675549952624027794498453","96961415491038917953009970649486956067","70238020157878442178950549376738510749","62743758544484059513720788751842644535","285738201064597834006436556479051549380","319483709314350051125391354452465839608","218636688842431018377560863361731694344","300316977321693419332182848524026739926"]},"signature_type":"Line","id":"ASB-A-246933359-fd099c12"}],"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246933359.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-12-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"onCreate","file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"function_hash":"154270236169330912437872144573544089928","length":245},"signature_type":"Function","id":"ASB-A-246933359-b528d839"},{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"threshold":0.9,"line_hashes":["320289821939055675549952624027794498453","96961415491038917953009970649486956067","70238020157878442178950549376738510749","62743758544484059513720788751842644535","285738201064597834006436556479051549380","319483709314350051125391354452465839608","218636688842431018377560863361731694344","300316977321693419332182848524026739926"]},"id":"ASB-A-246933359-f71949af","signature_type":"Line"}],"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246933359.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-12-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"threshold":0.9,"line_hashes":["320289821939055675549952624027794498453","96961415491038917953009970649486956067","70238020157878442178950549376738510749","62743758544484059513720788751842644535","285738201064597834006436556479051549380","319483709314350051125391354452465839608","218636688842431018377560863361731694344","300316977321693419332182848524026739926"]},"signature_type":"Line","id":"ASB-A-246933359-009398e8"},{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java","function":"onCreate"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"function_hash":"154270236169330912437872144573544089928","length":245},"signature_type":"Function","id":"ASB-A-246933359-8914fb9c"}],"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246933359.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"onCreate","file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"function_hash":"154270236169330912437872144573544089928","length":245},"signature_type":"Function","id":"ASB-A-246933359-13317206"},{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"threshold":0.9,"line_hashes":["320289821939055675549952624027794498453","96961415491038917953009970649486956067","70238020157878442178950549376738510749","62743758544484059513720788751842644535","285738201064597834006436556479051549380","319483709314350051125391354452465839608","218636688842431018377560863361731694344","300316977321693419332182848524026739926"]},"signature_type":"Line","id":"ASB-A-246933359-ae6a4686"}],"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246933359.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"onCreate","file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"function_hash":"154270236169330912437872144573544089928","length":245},"signature_type":"Function","id":"ASB-A-246933359-344f4600"},{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035","digest":{"threshold":0.9,"line_hashes":["320289821939055675549952624027794498453","96961415491038917953009970649486956067","70238020157878442178950549376738510749","62743758544484059513720788751842644535","285738201064597834006436556479051549380","319483709314350051125391354452465839608","218636688842431018377560863361731694344","300316977321693419332182848524026739926"]},"signature_type":"Line","id":"ASB-A-246933359-decf1620"}],"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246933359.json"}}],"schema_version":"1.7.5"}