CVE Vulnerabilities

CVE-2022-20495

Published: Dec 13, 2022 | Modified: Dec 15, 2022
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844

Affected Software

Name Vendor Start Version End Version
Android Google 10.0 (including) 10.0 (including)
Android Google 11.0 (including) 11.0 (including)
Android Google 12.0 (including) 12.0 (including)
Android Google 12.1 (including) 12.1 (including)
Android Google 13.0 (including) 13.0 (including)
Android-platform-frameworks-base Ubuntu bionic *
Android-platform-frameworks-base Ubuntu devel *
Android-platform-frameworks-base Ubuntu esm-apps/bionic *
Android-platform-frameworks-base Ubuntu esm-apps/focal *
Android-platform-frameworks-base Ubuntu esm-apps/jammy *
Android-platform-frameworks-base Ubuntu esm-apps/noble *
Android-platform-frameworks-base Ubuntu esm-apps/xenial *
Android-platform-frameworks-base Ubuntu focal *
Android-platform-frameworks-base Ubuntu jammy *
Android-platform-frameworks-base Ubuntu kinetic *
Android-platform-frameworks-base Ubuntu lunar *
Android-platform-frameworks-base Ubuntu mantic *
Android-platform-frameworks-base Ubuntu noble *
Android-platform-frameworks-base Ubuntu oracular *
Android-platform-frameworks-base Ubuntu trusty *
Android-platform-frameworks-base Ubuntu xenial *

References