{"id":"ASB-A-212467440", "published":"2022-05-01T00:00:00Z", "modified":"2026-07-03T16:08:45.503432344Z", "aliases":["CVE-2022-20116", "A-212467440"], "details":"In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-05-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b029b005d8d4122d29cffc86b752fce13b1d4da6"], "severity":"High", "spl":"2022-05-01", "types":["EoP"]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/35998a72b71c1c18a77815e40a6b08bd9e93c97b"}]}