{"id":"ASB-A-234440688", "published":"2022-09-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20396", "A-234440688"], "details":"In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2022-09-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529"], "severity":"High", "spl":"2022-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["119105830887202847828743114110704015010", "286762870007429537793915799176909290333", "121816353728658712091538528467758640365", "19592784335296858685853820961661671862", "126154069818861400221276473782020961444", "288159028028627004182746078235050406261", "82795765862042155059755556685281178010", "322506073509584080313550723877538223346", "282042956962584523644695825894720196789", "332099452835483432240376586532357452691", "306208524907543003627718939471761560144", "269463429052517483281097935448069251972", "320641842633859231116508047806350815442", "335871720811941217376527482591779703789", "12079542513812903161692716530038858904"], "threshold":0.9}, "id":"ASB-A-234440688-33bca3c8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529", "target":{"file":"src/com/android/settings/SettingsActivity.java"}}, {"deprecated":false, "digest":{"line_hashes":["319872827816851647717371349393416325476", "212357963224754359228842325870144500604", "173565680331490800229406522870336291472", "296272528443733225337110380235312617072", "225180191949311179386757110182805562197", "132840555199023955054648506055181253157", "166152938260230673924537411540086773937", "217367192194101887875000122180541600025", "56357263559963899663107324463737726573", "136017922404587097463704754473708476142", "39823467889662418534817717353275945160", "267785463599647351746920985700031222482"], "threshold":0.9}, "id":"ASB-A-234440688-3b98e807", "match_only_versions":["13-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}, {"deprecated":false, "digest":{"function_hash":"266266937796773839997333389235888809265", "length":909}, "id":"ASB-A-234440688-a5cb590f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529", "target":{"file":"src/com/android/settings/SettingsActivity.java", "function":"tryStartTwoPaneDeepLink"}}, {"deprecated":false, "digest":{"function_hash":"19204995285806054054315280470773614748", "length":813}, "id":"ASB-A-234440688-e2f8dedd", "match_only_versions":["13-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6dcbb25fa50ce78d557a2163ecc580cb3019c529", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function":"onAttach"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-09-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1"], "severity":"High", "spl":"2022-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"7323693548425725269011574414207102258", "length":438}, "id":"ASB-A-234440688-06e4363a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1", "target":{"file":"src/com/android/settings/SettingsActivity.java", "function":"launchHomepageForTwoPaneDeepLink"}}, {"deprecated":false, "digest":{"line_hashes":["114589388220254390488480222799855039727", "31934974028308334941258602697830233193", "121816353728658712091538528467758640365", "19592784335296858685853820961661671862", "145989860462962721831415883853515642395", "143692941758530183061451282460626029231", "283885755928999029809470670335834163893", "293438345841106787427840363580600929061", "70747576966754742677289661698728526590", "264939523191001103361048828542538674309", "177796233075612688915900478785486463417", "320641842633859231116508047806350815442", "335871720811941217376527482591779703789", "12079542513812903161692716530038858904"], "threshold":0.9}, "id":"ASB-A-234440688-168c6e3c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1", "target":{"file":"src/com/android/settings/SettingsActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"19204995285806054054315280470773614748", "length":813}, "id":"ASB-A-234440688-22f3aa76", "match_only_versions":["12L"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function":"onAttach"}}, {"deprecated":false, "digest":{"line_hashes":["319872827816851647717371349393416325476", "212357963224754359228842325870144500604", "173565680331490800229406522870336291472", "296272528443733225337110380235312617072", "225180191949311179386757110182805562197", "132840555199023955054648506055181253157", "166152938260230673924537411540086773937", "217367192194101887875000122180541600025", "56357263559963899663107324463737726573", "136017922404587097463704754473708476142", "39823467889662418534817717353275945160", "267785463599647351746920985700031222482"], "threshold":0.9}, "id":"ASB-A-234440688-3573e760", "match_only_versions":["12L"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/846d0286a8c1608796a64d9f6748c52bc3612bc1", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-09-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4"], "severity":"High", "spl":"2022-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["119105830887202847828743114110704015010", "286762870007429537793915799176909290333", "121816353728658712091538528467758640365", "19592784335296858685853820961661671862", "126154069818861400221276473782020961444", "288159028028627004182746078235050406261", "82795765862042155059755556685281178010", "322506073509584080313550723877538223346", "282042956962584523644695825894720196789", "332099452835483432240376586532357452691", "306208524907543003627718939471761560144", "269463429052517483281097935448069251972", "320641842633859231116508047806350815442", "335871720811941217376527482591779703789", "12079542513812903161692716530038858904"], "threshold":0.9}, "id":"ASB-A-234440688-ac62c467", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4", "target":{"file":"src/com/android/settings/SettingsActivity.java"}}, {"deprecated":false, "digest":{"line_hashes":["319872827816851647717371349393416325476", "212357963224754359228842325870144500604", "173565680331490800229406522870336291472", "296272528443733225337110380235312617072", "225180191949311179386757110182805562197", "132840555199023955054648506055181253157", "166152938260230673924537411540086773937", "217367192194101887875000122180541600025", "56357263559963899663107324463737726573", "136017922404587097463704754473708476142", "39823467889662418534817717353275945160", "267785463599647351746920985700031222482"], "threshold":0.9}, "id":"ASB-A-234440688-d5dbe343", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"}}, {"deprecated":false, "digest":{"function_hash":"19204995285806054054315280470773614748", "length":813}, "id":"ASB-A-234440688-e1c2253d", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4", "target":{"file":"src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function":"onAttach"}}, {"deprecated":false, "digest":{"function_hash":"266266937796773839997333389235888809265", "length":909}, "id":"ASB-A-234440688-e55716b6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5df14831b8d0bbae062c644cfa987378ea2ca9d4", "target":{"file":"src/com/android/settings/SettingsActivity.java", "function":"tryStartTwoPaneDeepLink"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef068117d15802595a558281c1d1efe3d62da2"}]}