{"id":"ASB-A-238377411", "published":"2022-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20420", "A-238377411"], "details":"In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0"], "severity":"High", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"81851832787058760284793457627546280792", "length":2215}, "id":"ASB-A-238377411-00e006fe", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0", "target":{"file":"services/core/java/com/android/server/am/AppRestrictionController.java", "function":"getBackgroundRestrictionExemptionReason"}}, {"deprecated":false, "digest":{"line_hashes":["338084814463838692865463276062272481269", "204095983282894935881441189197943072724", "111208491350462862960277179470679895697", "163064010969996349495530247851842396655", "16839510854669803563955315361634610793", "1786610215237782535962533169394715750", "334398862494929584959105449151793775680", "330533647503340784153069115043786205902", "143485974629224183528668425378540623940", "26926396955253309710027627514622503319", "273745746621807355187035804840176057909", "305889137737588596988465704815320506336", "134194250848175375095003306340074806879", "194957543535939216182745666166217578049", "26422771808357216473777961746329713413", "265669218276827631057056749515506381182", "76606515071439434307528638013225843903", "288517370563388251142327358930969033659", "130344593426080827019006436581711947077", "186682583954881249989830317938655312716", "225415400739484179376797177558147078077", "51695108914376855781955835012299425394", "150871703979736768091563171795087467328", "191061473204025477134646219421376372468", "21290638900906506377241001768891280698", "186369197693698899165612098672542311067", "574410352114663538138448114640889277", "114051027259629430124426829744691013693", "283453390914155909792195628521054937976", "243016695195401865758899327290423773863", "235135641989946274393347545803689135166", "52733613119433308264821384417685192222", "119872224072732039667693289869059257275", "95863338367342909469211096695945675284"], "threshold":0.9}, "id":"ASB-A-238377411-9a5ec86e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/26945bf8608a8d5e38bdda4a68e3d444eed03de0", "target":{"file":"services/core/java/com/android/server/am/AppRestrictionController.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/95e7a3ee33d3665ec46570dd0b1a6db614384570"}]}