{"id":"ASB-A-213323615", "published":"2022-09-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20392", "A-213323615"], "details":"In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2022-09-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/45b23196772a4fe8875f2ca6514208fe368c2cd5", "https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"222477290850616987492039786133937418277", "length":2309}, "id":"ASB-A-213323615-65bfc3f8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061", "target":{"file":"services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java", "function":"parseBaseApkTags"}}, {"deprecated":false, "digest":{"line_hashes":["171954828546494665638449620237007476146", "138230328125735189702551647118258522300", "66911870150652868372762664757020976034", "126544075330880814485597373368838234029", "161955626396984310422053415133790104868", "44224016879351917650399198346077428727", "258711060345342370887990952933405685337", "317197493576894256207066853499986172570", "246463573195658993781943180954645172040", "145317144895435869522785638478994222335", "178436679841938312293330076258015284872", "118113043254339526114670024925213760415", "184619219455531940373010508355025659920", "93343326006408052363045059849964387748", "325322957684507868993071065258824276295", "286047412350252109457618375108665998574"], "threshold":0.9}, "id":"ASB-A-213323615-865932be", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061", "target":{"file":"services/core/java/com/android/server/pm/pkg/component/ParsedPermissionUtils.java"}}, {"deprecated":false, "digest":{"line_hashes":["117734366611283682658654943499471071695", "276769917539867857987563833180772071061", "45281106013445078395372620220823851808", "174605364919204227151076438204749758300"], "threshold":0.9}, "id":"ASB-A-213323615-d81e6f7d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061", "target":{"file":"services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"112977023920727231037731816425652706666", "length":557}, "id":"ASB-A-213323615-f4997800", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/768169a8e1b65cdd4f47fed52a8b3fff18016061", "target":{"file":"services/core/java/com/android/server/pm/pkg/component/ParsedPermissionUtils.java", "function":"declareDuplicatePermission"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-09-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/50d343c656921ba9c730c68b7a41de6b15f57f03", "https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["188699400104044092819147146443519659988", "293801403865878645900028306423536692043", "293689986215439404709957682108036202438", "85561819563484648053084880425161231140", "231088565817113626913859475956546366049", "127723794484949765253308390424340886076", "289813876127781859409162812311882125720", "277580085141545940257826528018572104067", "200837008128332139592711974640783398098", "255760948579642866354411139308896485145", "279983292969872000786696812348496587372", "111185961665560459476792883498641861581", "87763767637835835745134353284850099186", "7767745543790808411011488352182659809"], "threshold":0.9}, "id":"ASB-A-213323615-825c11bd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a", "target":{"file":"core/java/android/content/pm/PackageParser.java"}}, {"deprecated":false, "digest":{"function_hash":"221683797801226663888042917378851067973", "length":17224}, "id":"ASB-A-213323615-f8466737", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/31bd425bb66b108cdec357a00f4a586379bcd33a", "target":{"file":"core/java/android/content/pm/PackageParser.java", "function":"parseBaseApkCommon"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-09-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/bbe2a118277d9b225a272c53e509fdeb2fe0a993", "https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["305401523789499478827361557217961658045", "102413550799631146447224294227010522080", "87971491308847713561417604219896459843", "113131329508990271118021391579675679397", "179195736965089138526883985577918343094", "55405762641005904618620824843357796760", "92535241445486926952776061151884044920", "197367873607234268646028747359521864696", "337123267244188402432015517011801665134", "162975221799299857987152505544839104588"], "threshold":0.9}, "id":"ASB-A-213323615-572ab99e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d", "target":{"file":"core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"280932360100611518604172093024776033945", "length":2188}, "id":"ASB-A-213323615-c7f8efd9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java", "function":"parseBaseApkTags"}}, {"deprecated":false, "digest":{"line_hashes":["4852701972688570944352678454668752570", "249479494306241659973766196730396190843", "329987915965942833107201356462141170304", "33120293543104832175888766753343462142", "47371257511090445633612852528199684994", "28328073654286549053901239839352771712", "112621608431384631126549263526452059074"], "threshold":0.9}, "id":"ASB-A-213323615-fd3c0cf0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f9a9dc720c151ce9d8a2bba6f5400f5a8f759b2d", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-09-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/dfeea39dbc61ea9884e7e017335cbdf4942fa181", "https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["238174133896978183187111184948420411824", "102413550799631146447224294227010522080", "87971491308847713561417604219896459843", "113669925240391797581799984901176333066", "194260612185699153829775252896703736038", "239380133730887134163356706748051582986", "66072770650890385991639424402343216567", "247359269890610958875662004948764016911", "337123267244188402432015517011801665134", "162975221799299857987152505544839104588"], "threshold":0.9}, "id":"ASB-A-213323615-9bd5b0e9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d", "target":{"file":"core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"}}, {"deprecated":false, "digest":{"line_hashes":["215224564606111572183109105517834768236", "103717906963742723714051349868307315925", "329987915965942833107201356462141170304", "33120293543104832175888766753343462142", "118249337739705624783597869770329249557", "28328073654286549053901239839352771712", "112621608431384631126549263526452059074"], "threshold":0.9}, "id":"ASB-A-213323615-a916a71b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"73688360684607996266791569226529616467", "length":2112}, "id":"ASB-A-213323615-f4a8df9d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java", "function":"parseBaseApkTags"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-09-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/dfeea39dbc61ea9884e7e017335cbdf4942fa181", "https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["215224564606111572183109105517834768236", "103717906963742723714051349868307315925", "329987915965942833107201356462141170304", "33120293543104832175888766753343462142", "118249337739705624783597869770329249557", "28328073654286549053901239839352771712", "112621608431384631126549263526452059074"], "threshold":0.9}, "id":"ASB-A-213323615-1113719f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"}}, {"deprecated":false, "digest":{"line_hashes":["238174133896978183187111184948420411824", "102413550799631146447224294227010522080", "87971491308847713561417604219896459843", "113669925240391797581799984901176333066", "194260612185699153829775252896703736038", "239380133730887134163356706748051582986", "66072770650890385991639424402343216567", "247359269890610958875662004948764016911", "337123267244188402432015517011801665134", "162975221799299857987152505544839104588"], "threshold":0.9}, "id":"ASB-A-213323615-177f36d1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d", "target":{"file":"core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"73688360684607996266791569226529616467", "length":2112}, "id":"ASB-A-213323615-9aa388d8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java", "function":"parseBaseApkTags"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/745e31e1be11d0b2f005590c4d448a8cb9bfbe35"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/548edbb850227e076735615f83f8e23352b0b82d"}]}