{"id":"ASB-A-204906124", "published":"2022-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20394", "A-204906124"], "details":"In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-10-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["141468153609562668994393624754862105064", "126152882013058941129294814418596437297", "137172877681078847471087295926777296182", "207371306133226239606329683551557787498", "164155130913160312493609904190641569509", "102138500376196793242218171660316251558", "315968056978142562903054399659890383256", "81143836350565747183613529948149873624", "104263978470508955145207475929234520053", "27693688517626266369860510133124460963", "176090476711488763385348340036848785704", "105097210874115201030968931282720102176", "109506092116546848140280844862266618853", "278947635135486117207482925906274067203", "152622448139923597724939268980635293576", "7405336617044189840700367584300108515", "28776240027154834474140139131754452411", "6973780969376378422393123357553653841", "111365816840044814753810843473005838708", "67764196123294656511842632954287022448", "123826413461090793457179181757650071060", "296440300852680836121190296618569415095", "25766232893959406618109028141374898125", "255622610196879653642767521719973436647", "179511516892236586236537884076171110127", "131892866723213561597574534998935316519", "34693002873726971528400834596352454474", "82994238621821454591875713105564179566", "289055332010466994089152306424151463334", "299450715801246806645751198302356092263"], "threshold":0.9}, "id":"ASB-A-204906124-1c764adf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["83974276084259880562610389509029730017", "125600956322375750975868450054034445465", "12887350709039265853477061114851467024", "159085779451838875417834664242111228145"], "threshold":0.9}, "id":"ASB-A-204906124-7e638d34", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3", "target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["270222689777365805363207989524173784978", "195146663012422112579192413816154846474", "316886284012679230425127390107942420401", "24975671687396821748941627819348888413"], "threshold":0.9}, "id":"ASB-A-204906124-87337c8e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3", "target":{"file":"core/java/android/view/inputmethod/InputMethodManager.java"}}, {"deprecated":false, "digest":{"function_hash":"64625478051987566817408411198218418000", "length":48}, "id":"ASB-A-204906124-8f4227b2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3", "target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java", "function":"getInputMethodWindowVisibleHeight"}}, {"deprecated":false, "digest":{"function_hash":"193625215747254807880250643431487542195", "length":88}, "id":"ASB-A-204906124-a6167250", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function":"getInputMethodWindowVisibleHeight"}}, {"deprecated":false, "digest":{"function_hash":"210086691543575732989549378840064946078", "length":835}, "id":"ASB-A-204906124-bb399495", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/094ea03f14fea46161e7e5ac7b9f8a9c5d7c1ce3", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function":"showSoftInput"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"246619960339134014101750848842875827589", "length":901}, "id":"ASB-A-204906124-31ccbdd6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function":"showSoftInput"}}, {"deprecated":false, "digest":{"line_hashes":["270222689777365805363207989524173784978", "195146663012422112579192413816154846474", "316886284012679230425127390107942420401", "24975671687396821748941627819348888413"], "threshold":0.9}, "id":"ASB-A-204906124-4f95df8b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e", "target":{"file":"core/java/android/view/inputmethod/InputMethodManager.java"}}, {"deprecated":false, "digest":{"function_hash":"64625478051987566817408411198218418000", "length":48}, "id":"ASB-A-204906124-92f5bd5f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e", "target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java", "function":"getInputMethodWindowVisibleHeight"}}, {"deprecated":false, "digest":{"line_hashes":["83974276084259880562610389509029730017", "125600956322375750975868450054034445465", "12887350709039265853477061114851467024", "159085779451838875417834664242111228145"], "threshold":0.9}, "id":"ASB-A-204906124-c85aba47", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e", "target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"193625215747254807880250643431487542195", "length":88}, "id":"ASB-A-204906124-ef10b5ef", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function":"getInputMethodWindowVisibleHeight"}}, {"deprecated":false, "digest":{"line_hashes":["141468153609562668994393624754862105064", "126152882013058941129294814418596437297", "137172877681078847471087295926777296182", "207371306133226239606329683551557787498", "164155130913160312493609904190641569509", "102138500376196793242218171660316251558", "323535884742121396966749458431604532868", "178736369597720752727892766579745107237", "104263978470508955145207475929234520053", "27693688517626266369860510133124460963", "176090476711488763385348340036848785704", "105097210874115201030968931282720102176", "109506092116546848140280844862266618853", "278947635135486117207482925906274067203", "152622448139923597724939268980635293576", "7405336617044189840700367584300108515", "28776240027154834474140139131754452411", "6973780969376378422393123357553653841", "111365816840044814753810843473005838708", "67764196123294656511842632954287022448", "123826413461090793457179181757650071060", "296440300852680836121190296618569415095", "25766232893959406618109028141374898125", "255622610196879653642767521719973436647", "20615873132404125034365328072097094376", "131892866723213561597574534998935316519", "34693002873726971528400834596352454474", "82994238621821454591875713105564179566", "289055332010466994089152306424151463334", "299450715801246806645751198302356092263"], "threshold":0.9}, "id":"ASB-A-204906124-f84e04fc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fd7847b53344edb46d0b62fbdfb3f5b12ba6ac9e", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"10439773466687355960683199401379014497", "length":1109}, "id":"ASB-A-204906124-194cdf57", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function":"showSoftInput"}}, {"deprecated":false, "digest":{"line_hashes":["199820981071277627854459264243556768258", "299831826081120042736315337404127059888", "27049697355188242707229328820035351393", "98165448008069486553612194003140525962", "164155130913160312493609904190641569509", "102138500376196793242218171660316251558", "323535884742121396966749458431604532868", "178736369597720752727892766579745107237", "104263978470508955145207475929234520053", "27693688517626266369860510133124460963", "176090476711488763385348340036848785704", "105097210874115201030968931282720102176", "109506092116546848140280844862266618853", "278947635135486117207482925906274067203", "152622448139923597724939268980635293576", "269533832347455700668625693233385330172", "172382314362949356590961478931218939168", "200049417736338416022220769925825426419", "220601676738547864948911393335200914822", "135822372753838651698736279719315609814", "67764196123294656511842632954287022448", "123826413461090793457179181757650071060", "296440300852680836121190296618569415095", "25766232893959406618109028141374898125", "255622610196879653642767521719973436647", "236050267629211613586286545054645320988", "157293181107485528410484623071439093702", "34693002873726971528400834596352454474", "82994238621821454591875713105564179566", "289055332010466994089152306424151463334", "171103785610654647080351401498311198270"], "threshold":0.9}, "id":"ASB-A-204906124-2a075328", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["270222689777365805363207989524173784978", "195146663012422112579192413816154846474", "316886284012679230425127390107942420401", "24975671687396821748941627819348888413"], "threshold":0.9}, "id":"ASB-A-204906124-2d3567c6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4", "target":{"file":"core/java/android/view/inputmethod/InputMethodManager.java"}}, {"deprecated":false, "digest":{"line_hashes":["83974276084259880562610389509029730017", "125600956322375750975868450054034445465", "12887350709039265853477061114851467024", "159085779451838875417834664242111228145"], "threshold":0.9}, "id":"ASB-A-204906124-387744aa", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4", "target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"193625215747254807880250643431487542195", "length":88}, "id":"ASB-A-204906124-7e3dd484", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function":"getInputMethodWindowVisibleHeight"}}, {"deprecated":false, "digest":{"function_hash":"64625478051987566817408411198218418000", "length":48}, "id":"ASB-A-204906124-d1f968be", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/753331b390dc4d7cf895087223a8d72952af4de4", "target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java", "function":"getInputMethodWindowVisibleHeight"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"10439773466687355960683199401379014497", "length":1109}, "id":"ASB-A-204906124-0c81f782", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function":"showSoftInput"}}, {"deprecated":false, "digest":{"function_hash":"64625478051987566817408411198218418000", "length":48}, "id":"ASB-A-204906124-1aeade69", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a", "target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java", "function":"getInputMethodWindowVisibleHeight"}}, {"deprecated":false, "digest":{"line_hashes":["199820981071277627854459264243556768258", "299831826081120042736315337404127059888", "27049697355188242707229328820035351393", "98165448008069486553612194003140525962", "164155130913160312493609904190641569509", "102138500376196793242218171660316251558", "323535884742121396966749458431604532868", "178736369597720752727892766579745107237", "104263978470508955145207475929234520053", "27693688517626266369860510133124460963", "176090476711488763385348340036848785704", "105097210874115201030968931282720102176", "109506092116546848140280844862266618853", "278947635135486117207482925906274067203", "152622448139923597724939268980635293576", "269533832347455700668625693233385330172", "172382314362949356590961478931218939168", "200049417736338416022220769925825426419", "220601676738547864948911393335200914822", "135822372753838651698736279719315609814", "67764196123294656511842632954287022448", "123826413461090793457179181757650071060", "296440300852680836121190296618569415095", "25766232893959406618109028141374898125", "255622610196879653642767521719973436647", "236050267629211613586286545054645320988", "157293181107485528410484623071439093702", "34693002873726971528400834596352454474", "82994238621821454591875713105564179566", "289055332010466994089152306424151463334", "171103785610654647080351401498311198270"], "threshold":0.9}, "id":"ASB-A-204906124-4214bb77", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["83974276084259880562610389509029730017", "125600956322375750975868450054034445465", "12887350709039265853477061114851467024", "159085779451838875417834664242111228145"], "threshold":0.9}, "id":"ASB-A-204906124-7fd8f437", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a", "target":{"file":"services/core/java/com/android/server/inputmethod/MultiClientInputMethodManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["270222689777365805363207989524173784978", "195146663012422112579192413816154846474", "316886284012679230425127390107942420401", "24975671687396821748941627819348888413"], "threshold":0.9}, "id":"ASB-A-204906124-bb3713cf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a", "target":{"file":"core/java/android/view/inputmethod/InputMethodManager.java"}}, {"deprecated":false, "digest":{"function_hash":"193625215747254807880250643431487542195", "length":88}, "id":"ASB-A-204906124-efc38bc3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ab01736a62a53d967702c69db209d112538ff8a", "target":{"file":"services/core/java/com/android/server/inputmethod/InputMethodManagerService.java", "function":"getInputMethodWindowVisibleHeight"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/9df1f523f1193a653df37d27cfc1b91179b5204f"}]}