{"id":"ASB-A-179699767", "published":"2022-05-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20004", "A-179699767"], "details":"In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-05-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["226760433165813380990153619519066009195", "198238097207668302298535804286695971443", "747526148792920550608566485759371786", "194663801245171228071477207088008390990"], "threshold":0.9}, "id":"ASB-A-179699767-0b3f8e3a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"170738253548447665571067266136931173848", "length":1170}, "id":"ASB-A-179699767-5eb47681", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java", "function":"checkSlicePermission"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-05-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["226760433165813380990153619519066009195", "198238097207668302298535804286695971443", "747526148792920550608566485759371786", "194663801245171228071477207088008390990"], "threshold":0.9}, "id":"ASB-A-179699767-502ce88c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"170738253548447665571067266136931173848", "length":1170}, "id":"ASB-A-179699767-ce57a002", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java", "function":"checkSlicePermission"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-05-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"170738253548447665571067266136931173848", "length":1170}, "id":"ASB-A-179699767-85f258bf", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java", "function":"checkSlicePermission"}}, {"deprecated":false, "digest":{"line_hashes":["226760433165813380990153619519066009195", "198238097207668302298535804286695971443", "747526148792920550608566485759371786", "194663801245171228071477207088008390990"], "threshold":0.9}, "id":"ASB-A-179699767-f0c53c2f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-05-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"170738253548447665571067266136931173848", "length":1170}, "id":"ASB-A-179699767-226df259", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java", "function":"checkSlicePermission"}}, {"deprecated":false, "digest":{"line_hashes":["226760433165813380990153619519066009195", "198238097207668302298535804286695971443", "747526148792920550608566485759371786", "194663801245171228071477207088008390990"], "threshold":0.9}, "id":"ASB-A-179699767-5d4522b2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "target":{"file":"services/core/java/com/android/server/slice/SliceManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/b55656825844f8ac1d776da0b3290a4e9948ba4f"}]}