{"id":"ASB-A-239701237", "published":"2022-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20449", "A-239701237"], "details":"In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d"], "severity":"High", "spl":"2022-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["60676264421018491029098267007649352048", "96880129610797312730379785827976580551", "8916979314763594955163789788798071519", "190311535256337988751608138939726760505", "17941578793664301904950243975030905922", "197600117250010257420588618957093355606", "53797310922398388453958968680970082509", "17234656718489223855727244315471540302", "4494566512991468182257035036658827013", "308688002306591719534515716485546701452", "292882381086839317005526967849453008923"], "threshold":0.9}, "id":"ASB-A-239701237-08a5238b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"3665991346729794305463037127088892183", "length":553}, "id":"ASB-A-239701237-8b04e4e2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"setApplicationRestrictions"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d"], "severity":"High", "spl":"2022-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["60676264421018491029098267007649352048", "96880129610797312730379785827976580551", "8916979314763594955163789788798071519", "190311535256337988751608138939726760505", "17941578793664301904950243975030905922", "197600117250010257420588618957093355606", "53797310922398388453958968680970082509", "17234656718489223855727244315471540302", "4494566512991468182257035036658827013", "308688002306591719534515716485546701452", "292882381086839317005526967849453008923"], "threshold":0.9}, "id":"ASB-A-239701237-5b74ef30", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"3665991346729794305463037127088892183", "length":553}, "id":"ASB-A-239701237-feb6426a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"setApplicationRestrictions"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e"], "severity":"High", "spl":"2022-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["8726669358009533754711768650652471102", "297095608694449044964208227087478768880", "328639330774714907100642728544503363204", "17852590006241573587183847420349458720", "180574211167961718387810598829512067092", "270447186769324840768603429604711616687", "291492784790979532703841348606774441797", "17234656718489223855727244315471540302", "4494566512991468182257035036658827013", "100067285054918524368057218554415546387", "211161732107471073183069677845043101530"], "threshold":0.9}, "id":"ASB-A-239701237-f2c58b61", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"23443127663564534087095444263018226139", "length":634}, "id":"ASB-A-239701237-f3d19096", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"setApplicationRestrictions"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e"], "severity":"High", "spl":"2022-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"23443127663564534087095444263018226139", "length":634}, "id":"ASB-A-239701237-48c7650c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"setApplicationRestrictions"}}, {"deprecated":false, "digest":{"line_hashes":["8726669358009533754711768650652471102", "297095608694449044964208227087478768880", "328639330774714907100642728544503363204", "17852590006241573587183847420349458720", "180574211167961718387810598829512067092", "270447186769324840768603429604711616687", "291492784790979532703841348606774441797", "17234656718489223855727244315471540302", "4494566512991468182257035036658827013", "100067285054918524368057218554415546387", "211161732107471073183069677845043101530"], "threshold":0.9}, "id":"ASB-A-239701237-83f36119", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e"}]}