{"id":"ASB-A-221855295", "published":"2022-09-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20395", "A-221855295"], "details":"In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2022-09-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["83227273977673201952415963432411165056", "240530743924061286780788861302376556044", "6043250738476881819042753626898801111", "35809543942109625896991360514551123473"], "threshold":0.9}, "id":"ASB-A-221855295-1d378eec", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b", "target":{"file":"src/com/android/providers/media/MediaProvider.java"}}, {"deprecated":false, "digest":{"line_hashes":["251272552318062483375803532600811265251", "109158918448858443125635452458075127604", "138587773904233750919147985483441127650", "195309320759852002081564118618854052551", "245237118464282618670486643864373561354", "239923988918611491819555322259343837757", "334522434390633449750374019879302161059", "284145369461894307536698195442534463170", "156136969244990530431219627204875887987", "289313048140665975705991099574537254387", "5685128272666654397818596601519487550"], "threshold":0.9}, "id":"ASB-A-221855295-338cde89", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b", "target":{"file":"src/com/android/providers/media/util/FileUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"204881092998669550345217478148577572159", "length":1112}, "id":"ASB-A-221855295-7dd2cf8b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b", "target":{"file":"src/com/android/providers/media/util/FileUtils.java", "function":"computeDataFromValues"}}, {"deprecated":false, "digest":{"function_hash":"149005686500020152072408424580414043116", "length":269}, "id":"ASB-A-221855295-c190036a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b18f2972ac20d5c086df3d645dd8518f4cead29b", "target":{"file":"src/com/android/providers/media/MediaProvider.java", "function":"deleteIfAllowed"}}]}}, {"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-09-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["83227273977673201952415963432411165056", "240530743924061286780788861302376556044", "6043250738476881819042753626898801111", "35809543942109625896991360514551123473"], "threshold":0.9}, "id":"ASB-A-221855295-5f90af00", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891", "target":{"file":"src/com/android/providers/media/MediaProvider.java"}}, {"deprecated":false, "digest":{"function_hash":"149005686500020152072408424580414043116", "length":269}, "id":"ASB-A-221855295-7b835316", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891", "target":{"file":"src/com/android/providers/media/MediaProvider.java", "function":"deleteIfAllowed"}}, {"deprecated":false, "digest":{"line_hashes":["239923988918611491819555322259343837757", "334522434390633449750374019879302161059", "284145369461894307536698195442534463170", "156136969244990530431219627204875887987", "289313048140665975705991099574537254387", "5685128272666654397818596601519487550"], "threshold":0.9}, "id":"ASB-A-221855295-8289a86f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891", "target":{"file":"src/com/android/providers/media/util/FileUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"183975693316331404397545371747082956439", "length":968}, "id":"ASB-A-221855295-9ddcd1ca", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9af1c783ee7332dd7dbb74252fd357308cb89891", "target":{"file":"src/com/android/providers/media/util/FileUtils.java", "function":"computeDataFromValues"}}]}}, {"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-09-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"204881092998669550345217478148577572159", "length":1112}, "id":"ASB-A-221855295-1df96ee3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb", "target":{"file":"src/com/android/providers/media/util/FileUtils.java", "function":"computeDataFromValues"}}, {"deprecated":false, "digest":{"line_hashes":["83227273977673201952415963432411165056", "240530743924061286780788861302376556044", "6043250738476881819042753626898801111", "35809543942109625896991360514551123473"], "threshold":0.9}, "id":"ASB-A-221855295-5433c79b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb", "target":{"file":"src/com/android/providers/media/MediaProvider.java"}}, {"deprecated":false, "digest":{"function_hash":"149005686500020152072408424580414043116", "length":269}, "id":"ASB-A-221855295-821778be", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb", "target":{"file":"src/com/android/providers/media/MediaProvider.java", "function":"deleteIfAllowed"}}, {"deprecated":false, "digest":{"line_hashes":["251272552318062483375803532600811265251", "109158918448858443125635452458075127604", "138587773904233750919147985483441127650", "195309320759852002081564118618854052551", "245237118464282618670486643864373561354", "239923988918611491819555322259343837757", "334522434390633449750374019879302161059", "284145369461894307536698195442534463170", "156136969244990530431219627204875887987", "289313048140665975705991099574537254387", "5685128272666654397818596601519487550"], "threshold":0.9}, "id":"ASB-A-221855295-c1e1e590", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/47767be45f3486cb59b3c19c4296b38a0408dccb", "target":{"file":"src/com/android/providers/media/util/FileUtils.java"}}]}}, {"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-09-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"204881092998669550345217478148577572159", "length":1112}, "id":"ASB-A-221855295-144cb072", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da", "target":{"file":"src/com/android/providers/media/util/FileUtils.java", "function":"computeDataFromValues"}}, {"deprecated":false, "digest":{"line_hashes":["83227273977673201952415963432411165056", "240530743924061286780788861302376556044", "6043250738476881819042753626898801111", "35809543942109625896991360514551123473"], "threshold":0.9}, "id":"ASB-A-221855295-b3fb6e59", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da", "target":{"file":"src/com/android/providers/media/MediaProvider.java"}}, {"deprecated":false, "digest":{"function_hash":"149005686500020152072408424580414043116", "length":269}, "id":"ASB-A-221855295-ca99e207", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da", "target":{"file":"src/com/android/providers/media/MediaProvider.java", "function":"deleteIfAllowed"}}, {"deprecated":false, "digest":{"line_hashes":["251272552318062483375803532600811265251", "109158918448858443125635452458075127604", "138587773904233750919147985483441127650", "195309320759852002081564118618854052551", "245237118464282618670486643864373561354", "239923988918611491819555322259343837757", "334522434390633449750374019879302161059", "284145369461894307536698195442534463170", "156136969244990530431219627204875887987", "289313048140665975705991099574537254387", "5685128272666654397818596601519487550"], "threshold":0.9}, "id":"ASB-A-221855295-f1a102ef", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/ac1ccd49fe0e2b8f7de2e391d4f597ce56de53da", "target":{"file":"src/com/android/providers/media/util/FileUtils.java"}}]}}, {"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-09-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180"], "severity":"High", "spl":"2022-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["251272552318062483375803532600811265251", "109158918448858443125635452458075127604", "138587773904233750919147985483441127650", "195309320759852002081564118618854052551", "245237118464282618670486643864373561354", "239923988918611491819555322259343837757", "334522434390633449750374019879302161059", "284145369461894307536698195442534463170", "156136969244990530431219627204875887987", "289313048140665975705991099574537254387", "5685128272666654397818596601519487550"], "threshold":0.9}, "id":"ASB-A-221855295-06b0d5ac", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180", "target":{"file":"src/com/android/providers/media/util/FileUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"149005686500020152072408424580414043116", "length":269}, "id":"ASB-A-221855295-a1dd0b6b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180", "target":{"file":"src/com/android/providers/media/MediaProvider.java", "function":"deleteIfAllowed"}}, {"deprecated":false, "digest":{"line_hashes":["83227273977673201952415963432411165056", "240530743924061286780788861302376556044", "6043250738476881819042753626898801111", "35809543942109625896991360514551123473"], "threshold":0.9}, "id":"ASB-A-221855295-ba14e614", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180", "target":{"file":"src/com/android/providers/media/MediaProvider.java"}}, {"deprecated":false, "digest":{"function_hash":"204881092998669550345217478148577572159", "length":1112}, "id":"ASB-A-221855295-e1a0f3c0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/18939f61c18602131116ac12eabaf5016f7b5180", "target":{"file":"src/com/android/providers/media/util/FileUtils.java", "function":"computeDataFromValues"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9b7b8bd674491ce499d76b52cd2209d7db261ea0"}]}