{"id":"ASB-A-215003903", "published":"2022-08-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20356", "A-215003903"], "details":"In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-08-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/023509e4871c0dafb842dc812bfa62e8d59cbfae"], "severity":"High", "spl":"2022-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["141936494101994435910609408495157456321", "254285161234220043694179047609840989917", "294217032209153822903983582602723288062", "114669496521924656086088538563371127692", "28024616308006341106976744842847987427", "132599590917118019040485781019659441855", "122949261054482915679161995712476699604", "2141210285318930533601221656012838095", "50021513281883459740062358831646004931"], "threshold":0.9}, "id":"ASB-A-215003903-89bf26fd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/023509e4871c0dafb842dc812bfa62e8d59cbfae", "target":{"file":"services/core/java/com/android/server/am/ActiveServices.java"}}, {"deprecated":false, "digest":{"function_hash":"147316198261685096379061978137664119284", "length":1246}, "id":"ASB-A-215003903-b2c1d615", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/023509e4871c0dafb842dc812bfa62e8d59cbfae", "target":{"file":"services/core/java/com/android/server/am/ActiveServices.java", "function":"shouldAllowWhileInUsePermissionInFgsLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/eef20391ce4d15d4508dc295cb338954a7c69de7"], "severity":"High", "spl":"2022-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"10144134792327162878797898150830193414", "length":1886}, "id":"ASB-A-215003903-200ce707", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/eef20391ce4d15d4508dc295cb338954a7c69de7", "target":{"file":"services/core/java/com/android/server/am/ActiveServices.java", "function":"shouldAllowFgsWhileInUsePermissionLocked"}}, {"deprecated":false, "digest":{"line_hashes":["299260667654334594643410106607925375679", "272466948077187693167245472331509964857", "129575487162808911263554416528590020154", "334165868034975187755725054720244119975", "160611083855957589510357465509023293701", "134808848653476560137711870956353618342", "44906403825218549378530239113478347453", "105820695026477628508134818188457768511", "32352918875873988651242560550162227561"], "threshold":0.9}, "id":"ASB-A-215003903-98f1d2ad", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/eef20391ce4d15d4508dc295cb338954a7c69de7", "target":{"file":"services/core/java/com/android/server/am/ActiveServices.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b21cc11dd74ceb2da100bd243c33392d4dc2cb7d"], "severity":"High", "spl":"2022-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["299260667654334594643410106607925375679", "272466948077187693167245472331509964857", "129575487162808911263554416528590020154", "334165868034975187755725054720244119975", "160611083855957589510357465509023293701", "134808848653476560137711870956353618342", "44906403825218549378530239113478347453", "105820695026477628508134818188457768511", "32352918875873988651242560550162227561"], "threshold":0.9}, "id":"ASB-A-215003903-26bf66ff", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b21cc11dd74ceb2da100bd243c33392d4dc2cb7d", "target":{"file":"services/core/java/com/android/server/am/ActiveServices.java"}}, {"deprecated":false, "digest":{"function_hash":"10144134792327162878797898150830193414", "length":1886}, "id":"ASB-A-215003903-71d4f31a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b21cc11dd74ceb2da100bd243c33392d4dc2cb7d", "target":{"file":"services/core/java/com/android/server/am/ActiveServices.java", "function":"shouldAllowFgsWhileInUsePermissionLocked"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/05cd832c241a543feb3a833e75b56c6f253b05e9"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/7fa1b4d0657c1fcf88a1588863e16e4e468201a1"}]}