{"id":"PUB-A-208279300","details":"In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-208279300","ASB-A-208279300","CVE-2022-20197"],"modified":"2026-04-13T15:04:09.269232Z","published":"2022-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-06-01"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L-next:0"},{"fixed":"12L-next:2022-06-01"}]}],"versions":["12L-next"],"ecosystem_specific":{"spl":"2022-06-01","vanir_signatures":[{"digest":{"function_hash":"295972483992823207807516585320029458283","length":407},"deprecated":false,"target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"signature_version":"v1","id":"PUB-A-208279300-7b603131","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"},{"digest":{"threshold":0.9,"line_hashes":["316753909301305578740771338963451125640","86906117398184293737935705669161310446","289190745808397464931819942032085311598","134496265879813177300596224622561904500"]},"deprecated":false,"target":{"file":"core/java/android/os/Parcel.java"},"signature_version":"v1","id":"PUB-A-208279300-aca52d55","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"}],"types":["EoP"],"severity":"Moderate","fixes":["https://android.googlesource.com/platform/frameworks/base/+/011dda6e011aaba1112932576ae4080e10200d7c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-208279300.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-06-01","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["271829008703992931818398218078023132919","86906117398184293737935705669161310446","289190745808397464931819942032085311598","134496265879813177300596224622561904500"]},"deprecated":false,"target":{"file":"core/java/android/os/Parcel.java"},"signature_version":"v1","id":"PUB-A-208279300-3833ed4d","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd"},{"digest":{"function_hash":"295972483992823207807516585320029458283","length":407},"deprecated":false,"target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"signature_version":"v1","id":"PUB-A-208279300-78d30772","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd"}],"types":["EoP"],"severity":"Moderate","fixes":["https://android.googlesource.com/platform/frameworks/base/+/46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-208279300.json"}}],"schema_version":"1.7.5"}