{"id":"ASB-A-219044664", "published":"2022-05-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20005", "A-219044664"], "details":"In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-05-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"231990516022432859515481353455776451874", "length":6954}, "id":"ASB-A-219044664-1a69041b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java", "function":"validateApkInstallLocked"}}, {"deprecated":false, "digest":{"line_hashes":["180540424809410108203819155674178703077", "310192941804949544849809573407891877990", "119835757437939988808744406930910971941", "70541103374231375402887502243412630152", "33594561195262327339142717655851560430", "155927009038804990930832153736923090981", "250405756640230757845653727125355385240", "203884490892640686155713902095510326404", "99683244548145421579673942579196578890", "240835686705695241023296524170794580937", "250527447965076997283029578436906981614", "117468068627482448288391961128067969669"], "threshold":0.9}, "id":"ASB-A-219044664-837b635c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a5dd59db6d1889ae0aa95ef01bbf8c98e360a2f2", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-05-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["180540424809410108203819155674178703077", "310192941804949544849809573407891877990", "119835757437939988808744406930910971941", "70541103374231375402887502243412630152", "33594561195262327339142717655851560430", "155927009038804990930832153736923090981", "250405756640230757845653727125355385240", "203884490892640686155713902095510326404", "99683244548145421579673942579196578890", "30731540922810736168728098478051819998", "234229738927911877615018910976101797115", "247795310976460709509992912805621675362"], "threshold":0.9}, "id":"ASB-A-219044664-8b7c1747", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"}}, {"deprecated":false, "digest":{"function_hash":"182370216373814584356638447485313003128", "length":7728}, "id":"ASB-A-219044664-f8cfcde2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/52a4337a4790350e8270b0712d9977159c07e096", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java", "function":"validateApkInstallLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-05-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["126649318037345343753490697120452954107", "194773562856015092151238496551787168544", "232480445117399624084228075804858210752", "70541103374231375402887502243412630152", "171320219436343288127093230170613975268", "241106788494647486170183478616371241689", "286485087625539031559168727923564794757", "119023713081308280265343167240695200326", "99683244548145421579673942579196578890", "30731540922810736168728098478051819998", "234229738927911877615018910976101797115", "247795310976460709509992912805621675362"], "threshold":0.9}, "id":"ASB-A-219044664-71a43813", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"}}, {"deprecated":false, "digest":{"function_hash":"208139483470825842445175165543268099324", "length":8530}, "id":"ASB-A-219044664-81a2541b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5b2e8af805e559c484f4c17d96459a3284d48824", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java", "function":"validateApkInstallLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-05-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498"], "severity":"High", "spl":"2022-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"208139483470825842445175165543268099324", "length":8530}, "id":"ASB-A-219044664-5262c664", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java", "function":"validateApkInstallLocked"}}, {"deprecated":false, "digest":{"line_hashes":["126649318037345343753490697120452954107", "194773562856015092151238496551787168544", "232480445117399624084228075804858210752", "70541103374231375402887502243412630152", "171320219436343288127093230170613975268", "241106788494647486170183478616371241689", "286485087625539031559168727923564794757", "119023713081308280265343167240695200326", "99683244548145421579673942579196578890", "30731540922810736168728098478051819998", "234229738927911877615018910976101797115", "247795310976460709509992912805621675362"], "threshold":0.9}, "id":"ASB-A-219044664-967ee436", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/36b0e9e94c3af7e5f81b88d68447c890d1126498", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/5df6c3f7099d3d2e237f54c41692bdef5f090d45"}]}