{"id":"ASB-A-223907044", "published":"2022-09-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2022-20218", "A-223907044"], "details":"In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/packages/modules/Permission", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2022-09-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/465c818d852b574b3cdfea6b9f38ce67920207a3"], "severity":"High", "spl":"2022-09-01", "types":["EoP"]}}, {"package":{"name":"platform/packages/modules/Permission", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-09-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/8dbba56c6fe90f5559bdcfccd70594efcbba61b6"], "severity":"High", "spl":"2022-09-01", "types":["EoP"]}}, {"package":{"name":"platform/packages/modules/Permission", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-09-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/8dbba56c6fe90f5559bdcfccd70594efcbba61b6"], "severity":"High", "spl":"2022-09-01", "types":["EoP"]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/modules/Permission/+/8dbba56c6fe90f5559bdcfccd70594efcbba61b6"}]}