{"id":"ASB-A-211114016", "published":"2022-05-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2022-20114", "A-211114016"], "details":"In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/services/Telecomm", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-05-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["334496569029378158376356602430577385004", "252726610288078477854267985688164103893", "99122195730393576727765743222189936483", "64610678140713121228375934500771637601", "260578530871624581937041925452600512534", "337730256662846322698942553963496997145", "287604523731226794206619313113865311357", "138061007320226678190819222677152281196"], "threshold":0.9}, "id":"ASB-A-211114016-b64503ac", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94", "target":{"file":"src/com/android/server/telecom/ServiceBinder.java"}}, {"deprecated":false, "digest":{"function_hash":"66878516958988472003176680037762736593", "length":788}, "id":"ASB-A-211114016-ce35ce40", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94", "target":{"file":"src/com/android/server/telecom/ServiceBinder.java", "function":"onServiceConnected"}}]}}, {"package":{"name":"platform/packages/services/Telecomm", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-05-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"66878516958988472003176680037762736593", "length":788}, "id":"ASB-A-211114016-0fca5e6c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94", "target":{"file":"src/com/android/server/telecom/ServiceBinder.java", "function":"onServiceConnected"}}, {"deprecated":false, "digest":{"line_hashes":["334496569029378158376356602430577385004", "252726610288078477854267985688164103893", "99122195730393576727765743222189936483", "64610678140713121228375934500771637601", "260578530871624581937041925452600512534", "337730256662846322698942553963496997145", "287604523731226794206619313113865311357", "138061007320226678190819222677152281196"], "threshold":0.9}, "id":"ASB-A-211114016-c850c20a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94", "target":{"file":"src/com/android/server/telecom/ServiceBinder.java"}}]}}, {"package":{"name":"platform/packages/services/Telecomm", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-05-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["334496569029378158376356602430577385004", "252726610288078477854267985688164103893", "99122195730393576727765743222189936483", "64610678140713121228375934500771637601", "260578530871624581937041925452600512534", "337730256662846322698942553963496997145", "287604523731226794206619313113865311357", "138061007320226678190819222677152281196"], "threshold":0.9}, "id":"ASB-A-211114016-7ebc83f5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94", "target":{"file":"src/com/android/server/telecom/ServiceBinder.java"}}, {"deprecated":false, "digest":{"function_hash":"66878516958988472003176680037762736593", "length":788}, "id":"ASB-A-211114016-d4ce3872", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94", "target":{"file":"src/com/android/server/telecom/ServiceBinder.java", "function":"onServiceConnected"}}]}}, {"package":{"name":"platform/packages/services/Telecomm", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-05-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"66878516958988472003176680037762736593", "length":788}, "id":"ASB-A-211114016-aaea40d9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94", "target":{"file":"src/com/android/server/telecom/ServiceBinder.java", "function":"onServiceConnected"}}, {"deprecated":false, "digest":{"line_hashes":["334496569029378158376356602430577385004", "252726610288078477854267985688164103893", "99122195730393576727765743222189936483", "64610678140713121228375934500771637601", "260578530871624581937041925452600512534", "337730256662846322698942553963496997145", "287604523731226794206619313113865311357", "138061007320226678190819222677152281196"], "threshold":0.9}, "id":"ASB-A-211114016-bd312533", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/410ce026004bb485c39afcc7d86e89d26ff1af94", "target":{"file":"src/com/android/server/telecom/ServiceBinder.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a2f52c2d771e0acea6bb27fdbe6dae2b37f2df04"}]}