{"id":"ASB-A-234013191", "published":"2022-12-01T00:00:00Z", "modified":"2026-06-19T15:21:58.810540849Z", "aliases":["CVE-2022-20470", "A-234013191"], "details":"In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"], "severity":"High", "spl":"2022-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["301939499715474086686814466129782162595", "338666126514144047379684270714637681856", "237068998572706870373509846032853599867", "253068636425074951647775241125817726292", "81309442384179410729868758149480836056", "149351765488031146942561662630386098070", "258822827992832751568478612410852030246", "1472386385560218029928473278780656262"], "threshold":0.9}, "id":"ASB-A-234013191-60122e66", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"}}, {"deprecated":false, "digest":{"function_hash":"208609670895234307832493313701423419039", "length":1287}, "id":"ASB-A-234013191-eb2953dc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java", "function":"bindRemoteViewsService"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"], "severity":"High", "spl":"2022-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["301939499715474086686814466129782162595", "338666126514144047379684270714637681856", "237068998572706870373509846032853599867", "253068636425074951647775241125817726292", "81309442384179410729868758149480836056", "149351765488031146942561662630386098070", "258822827992832751568478612410852030246", "1472386385560218029928473278780656262"], "threshold":0.9}, "id":"ASB-A-234013191-8788b533", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"}}, {"deprecated":false, "digest":{"function_hash":"208609670895234307832493313701423419039", "length":1287}, "id":"ASB-A-234013191-efe3eff5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java", "function":"bindRemoteViewsService"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"], "severity":"High", "spl":"2022-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"208609670895234307832493313701423419039", "length":1287}, "id":"ASB-A-234013191-165e71a1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java", "function":"bindRemoteViewsService"}}, {"deprecated":false, "digest":{"line_hashes":["301939499715474086686814466129782162595", "338666126514144047379684270714637681856", "237068998572706870373509846032853599867", "253068636425074951647775241125817726292", "81309442384179410729868758149480836056", "149351765488031146942561662630386098070", "258822827992832751568478612410852030246", "1472386385560218029928473278780656262"], "threshold":0.9}, "id":"ASB-A-234013191-a619de18", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"], "severity":"High", "spl":"2022-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"208609670895234307832493313701423419039", "length":1287}, "id":"ASB-A-234013191-ad3fa7e5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java", "function":"bindRemoteViewsService"}}, {"deprecated":false, "digest":{"line_hashes":["301939499715474086686814466129782162595", "338666126514144047379684270714637681856", "237068998572706870373509846032853599867", "253068636425074951647775241125817726292", "81309442384179410729868758149480836056", "149351765488031146942561662630386098070", "258822827992832751568478612410852030246", "1472386385560218029928473278780656262"], "threshold":0.9}, "id":"ASB-A-234013191-bbad910f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011"], "severity":"High", "spl":"2022-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["301939499715474086686814466129782162595", "338666126514144047379684270714637681856", "237068998572706870373509846032853599867", "253068636425074951647775241125817726292", "81309442384179410729868758149480836056", "149351765488031146942561662630386098070", "258822827992832751568478612410852030246", "1472386385560218029928473278780656262"], "threshold":0.9}, "id":"ASB-A-234013191-a214aa4c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java"}}, {"deprecated":false, "digest":{"function_hash":"208609670895234307832493313701423419039", "length":1287}, "id":"ASB-A-234013191-c0a2b185", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0ee21ef3e652c78c934d257632a4951bd6d38011", "target":{"file":"services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java", "function":"bindRemoteViewsService"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/263d7d0ba8818c471a27938c4e002bae33569f01"}]}