{"id":"ASB-A-228450811", "published":"2022-08-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2022-20347", "A-228450811"], "details":"In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-08-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/06139d3ffc37cb4b7974f95ccf08512c6fcad26d"], "severity":"High", "spl":"2022-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"13919919985601905534216584854032341268", "length":856}, "id":"ASB-A-228450811-34934f0e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/06139d3ffc37cb4b7974f95ccf08512c6fcad26d", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function":"onAttach"}}, {"deprecated":false, "digest":{"line_hashes":["54217086981814180212189485121760539851", "261739059670434564785450967806299967903", "41067553375884720821611857407055261273", "137837912929574767692735686410794945957", "56357263559963899663107324463737726573", "9114155055727489661803632310053793189", "94018531324307120263608100370258872334", "6514451304108629292662999225639745043", "135791731730466980643930382946287805964", "234462997388563845605361232523379613206", "274445856122569385262686860387721320635", "331372866387346569117615521148814378898", "322746544384854418103538752332004024739", "221639065747129932344001369290868713095", "248215125813645792421551754924777187308", "285427982986700501602679183363004467168"], "threshold":0.9}, "id":"ASB-A-228450811-7a20190f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/06139d3ffc37cb4b7974f95ccf08512c6fcad26d", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-08-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/c44b6fed73668dcdee066ea125e93e48dc31d3ee"], "severity":"High", "spl":"2022-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["54217086981814180212189485121760539851", "261739059670434564785450967806299967903", "41067553375884720821611857407055261273", "137837912929574767692735686410794945957", "56357263559963899663107324463737726573", "9114155055727489661803632310053793189", "94018531324307120263608100370258872334", "6514451304108629292662999225639745043", "135791731730466980643930382946287805964", "234462997388563845605361232523379613206", "274445856122569385262686860387721320635", "331372866387346569117615521148814378898", "322746544384854418103538752332004024739", "221639065747129932344001369290868713095", "142489513983106137869263719183573711648", "124324795784551632906599239120494070203"], "threshold":0.9}, "id":"ASB-A-228450811-7f33b989", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/c44b6fed73668dcdee066ea125e93e48dc31d3ee", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}, {"deprecated":false, "digest":{"function_hash":"143352052092941315242526665037436373403", "length":807}, "id":"ASB-A-228450811-a5e9cd84", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/c44b6fed73668dcdee066ea125e93e48dc31d3ee", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function":"onAttach"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/1c4142e1aea6236b8058377ecdc9d0575fca68ee"], "severity":"High", "spl":"2022-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"143352052092941315242526665037436373403", "length":807}, "id":"ASB-A-228450811-5bcd8c13", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/1c4142e1aea6236b8058377ecdc9d0575fca68ee", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function":"onAttach"}}, {"deprecated":false, "digest":{"line_hashes":["54217086981814180212189485121760539851", "261739059670434564785450967806299967903", "41067553375884720821611857407055261273", "137837912929574767692735686410794945957", "56357263559963899663107324463737726573", "9114155055727489661803632310053793189", "94018531324307120263608100370258872334", "6514451304108629292662999225639745043", "135791731730466980643930382946287805964", "234462997388563845605361232523379613206", "274445856122569385262686860387721320635", "331372866387346569117615521148814378898", "322746544384854418103538752332004024739", "221639065747129932344001369290868713095", "142489513983106137869263719183573711648", "124324795784551632906599239120494070203"], "threshold":0.9}, "id":"ASB-A-228450811-73cbe7bc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/1c4142e1aea6236b8058377ecdc9d0575fca68ee", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/8bae22248940fe0549c7e6cfab07948f1e4f6b37"], "severity":"High", "spl":"2022-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"143352052092941315242526665037436373403", "length":807}, "id":"ASB-A-228450811-146850ef", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8bae22248940fe0549c7e6cfab07948f1e4f6b37", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function":"onAttach"}}, {"deprecated":false, "digest":{"line_hashes":["54217086981814180212189485121760539851", "261739059670434564785450967806299967903", "41067553375884720821611857407055261273", "137837912929574767692735686410794945957", "56357263559963899663107324463737726573", "9114155055727489661803632310053793189", "94018531324307120263608100370258872334", "6514451304108629292662999225639745043", "135791731730466980643930382946287805964", "234462997388563845605361232523379613206", "274445856122569385262686860387721320635", "331372866387346569117615521148814378898", "322746544384854418103538752332004024739", "221639065747129932344001369290868713095", "142489513983106137869263719183573711648", "124324795784551632906599239120494070203"], "threshold":0.9}, "id":"ASB-A-228450811-83067314", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8bae22248940fe0549c7e6cfab07948f1e4f6b37", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Settings/+/01b6a6222e5e8cf59e317f4f52df71308bfb8bc5"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Settings/+/205752dcf2062eb3deeb7f3b7d1eb8af7d8b2634"}]}