{"id":"ASB-A-216631962", "published":"2022-06-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20142", "A-216631962"], "details":"In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L-next:0"}, {"fixed":"12L-next:2022-06-01"}]}], "versions":["12L-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5fc1c46f6312422364abbd178dd03ea6ff49960e"], "severity":"High", "spl":"2022-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"329458592877134660334172681725740967584", "length":615}, "id":"ASB-A-216631962-09c42487", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5fc1c46f6312422364abbd178dd03ea6ff49960e", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["184615187229519317352301201980929637612", "119911995133171752876899621748193227909", "262784979149680618908871242953282125580", "30790350962984040520758659315760465286", "217320144805282038881288852457049770317", "8011992843065816806732021836927597656", "15154315980646925646273822706433439342", "82618622351725863939608951834588492279", "186304791646200806687889212758589658018", "37316828977239924046318697844108685626", "195352340105212105361665983000608108124", "208566079734656761769501294918234425361"], "threshold":0.9}, "id":"ASB-A-216631962-dc86eaa3", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5fc1c46f6312422364abbd178dd03ea6ff49960e", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-06-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3e1ffdb29417f4fb994587a013fa56c83e157f6f"], "severity":"High", "spl":"2022-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"329458592877134660334172681725740967584", "length":615}, "id":"ASB-A-216631962-8c92240c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3e1ffdb29417f4fb994587a013fa56c83e157f6f", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["184615187229519317352301201980929637612", "119911995133171752876899621748193227909", "262784979149680618908871242953282125580", "30790350962984040520758659315760465286", "217320144805282038881288852457049770317", "8011992843065816806732021836927597656", "15154315980646925646273822706433439342", "82618622351725863939608951834588492279", "186304791646200806687889212758589658018", "37316828977239924046318697844108685626", "195352340105212105361665983000608108124", "208566079734656761769501294918234425361"], "threshold":0.9}, "id":"ASB-A-216631962-e63c9962", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3e1ffdb29417f4fb994587a013fa56c83e157f6f", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-06-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba3acb3e53c2f299a6326434ee19fe5e18ce8a30"], "severity":"High", "spl":"2022-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"329458592877134660334172681725740967584", "length":615}, "id":"ASB-A-216631962-205583bb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba3acb3e53c2f299a6326434ee19fe5e18ce8a30", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["184615187229519317352301201980929637612", "119911995133171752876899621748193227909", "262784979149680618908871242953282125580", "30790350962984040520758659315760465286", "217320144805282038881288852457049770317", "8011992843065816806732021836927597656", "15154315980646925646273822706433439342", "82618622351725863939608951834588492279", "186304791646200806687889212758589658018", "37316828977239924046318697844108685626", "195352340105212105361665983000608108124", "208566079734656761769501294918234425361"], "threshold":0.9}, "id":"ASB-A-216631962-932ec662", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba3acb3e53c2f299a6326434ee19fe5e18ce8a30", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-06-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/094b1b927eb5cafefeaa214da38802bd22f01479"], "severity":"High", "spl":"2022-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["184615187229519317352301201980929637612", "119911995133171752876899621748193227909", "262784979149680618908871242953282125580", "30790350962984040520758659315760465286", "217320144805282038881288852457049770317", "8011992843065816806732021836927597656", "15154315980646925646273822706433439342", "82618622351725863939608951834588492279", "186304791646200806687889212758589658018", "37316828977239924046318697844108685626", "195352340105212105361665983000608108124", "208566079734656761769501294918234425361"], "threshold":0.9}, "id":"ASB-A-216631962-4d1a3623", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/094b1b927eb5cafefeaa214da38802bd22f01479", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java"}}, {"deprecated":false, "digest":{"function_hash":"329458592877134660334172681725740967584", "length":615}, "id":"ASB-A-216631962-f5dc2042", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/094b1b927eb5cafefeaa214da38802bd22f01479", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java", "function":"createFromParcel"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-06-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e20d8ae7104f3235c8a2d72c85d19644e2ac8d86"], "severity":"High", "spl":"2022-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["184615187229519317352301201980929637612", "119911995133171752876899621748193227909", "262784979149680618908871242953282125580", "30790350962984040520758659315760465286", "217320144805282038881288852457049770317", "8011992843065816806732021836927597656", "15154315980646925646273822706433439342", "82618622351725863939608951834588492279", "186304791646200806687889212758589658018", "37316828977239924046318697844108685626", "195352340105212105361665983000608108124", "208566079734656761769501294918234425361"], "threshold":0.9}, "id":"ASB-A-216631962-2e25f65a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e20d8ae7104f3235c8a2d72c85d19644e2ac8d86", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java"}}, {"deprecated":false, "digest":{"function_hash":"329458592877134660334172681725740967584", "length":615}, "id":"ASB-A-216631962-a0b82470", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e20d8ae7104f3235c8a2d72c85d19644e2ac8d86", "target":{"file":"core/java/android/hardware/location/GeofenceHardwareRequestParcelable.java", "function":"createFromParcel"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-06-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/e20d8ae7104f3235c8a2d72c85d19644e2ac8d86"}]}