{"id":"ASB-A-222473855", "published":"2022-08-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20352", "A-222473855"], "details":"In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5b376bc9fd51e1a39fd5e1bd6a698c7cb2b9b3d4"], "severity":"High", "spl":"2022-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["328193556248782951641790205605243217679", "79217138068238015332246817556987679606", "36064791564867081232686217098038219702", "5784399782363552574594590744373558609", "336972343672231522499555034970395487447", "277489103222861791030479602005192860012", "252406015658564531537233619625780896708", "304948244687256552779491518059006470202", "327978033885819513148177202686636115912", "54047258394796158275613986573117815311", "80826063658136628057348524678411856397"], "threshold":0.9}, "id":"ASB-A-222473855-514972bf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5b376bc9fd51e1a39fd5e1bd6a698c7cb2b9b3d4", "target":{"file":"services/core/java/com/android/server/location/LocationManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d1e6b59356214115c28ede53f48279b5d0f44b67"], "severity":"High", "spl":"2022-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["328193556248782951641790205605243217679", "79217138068238015332246817556987679606", "36064791564867081232686217098038219702", "5784399782363552574594590744373558609", "336972343672231522499555034970395487447", "277489103222861791030479602005192860012", "252406015658564531537233619625780896708", "304948244687256552779491518059006470202", "327978033885819513148177202686636115912", "54047258394796158275613986573117815311", "80826063658136628057348524678411856397"], "threshold":0.9}, "id":"ASB-A-222473855-6bcf97bb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d1e6b59356214115c28ede53f48279b5d0f44b67", "target":{"file":"services/core/java/com/android/server/location/LocationManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/f796ac71c3c583139d7cfe8cc70fd1f2f4e251a0"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/ec3a20c2b28906247e7d13ae4af17c701dd5ee21"}]}