{"id":"ASB-A-237290578", "published":"2022-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20419", "A-237290578"], "details":"In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c"], "severity":"Critical", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"205398171342732717523701527669719181976", "length":216}, "id":"ASB-A-237290578-4bb14851", "match_only_versions":["12L"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c", "target":{"file":"services/core/java/com/android/server/wm/ActivityRecord.java", "function":"takeOptions"}}, {"deprecated":false, "digest":{"line_hashes":["141409068137822364776637404179214809909", "141646122292666747827102773057754006353", "115214146352062741294180703043020714224"], "threshold":0.9}, "id":"ASB-A-237290578-5662a94a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c", "target":{"file":"core/java/android/app/ActivityOptions.java"}}, {"deprecated":false, "digest":{"line_hashes":["123932784371985051459924424380706729449", "197535680874352624395498706667897197889", "238119913619143259649442240135204435966", "8093508599898817594190718849734633838", "144138795246327357023218240210182545717", "272064731781995071156461217388638949151"], "threshold":0.9}, "id":"ASB-A-237290578-932d0bef", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c", "target":{"file":"services/core/java/com/android/server/wm/ActivityRecord.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c"], "severity":"Critical", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"205398171342732717523701527669719181976", "length":216}, "id":"ASB-A-237290578-a2a9c6a1", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c", "target":{"file":"services/core/java/com/android/server/wm/ActivityRecord.java", "function":"takeOptions"}}, {"deprecated":false, "digest":{"line_hashes":["141409068137822364776637404179214809909", "141646122292666747827102773057754006353", "115214146352062741294180703043020714224"], "threshold":0.9}, "id":"ASB-A-237290578-b9a6b660", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c", "target":{"file":"core/java/android/app/ActivityOptions.java"}}, {"deprecated":false, "digest":{"line_hashes":["123932784371985051459924424380706729449", "197535680874352624395498706667897197889", "238119913619143259649442240135204435966", "8093508599898817594190718849734633838", "144138795246327357023218240210182545717", "272064731781995071156461217388638949151"], "threshold":0.9}, "id":"ASB-A-237290578-d9d373b9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0d03e6f1fc66fefb5409ac93ff49fa922f81664c", "target":{"file":"services/core/java/com/android/server/wm/ActivityRecord.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/e5dd8be748c76c11615050c610dfc1fae73ad4a4"}]}