ASB-A-187702830 — Vulnetix

ASB-A-187702830 PUBLISHED

In cropPhoto of EditUserPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/base	13, ,
platform	packages/apps/EmergencyInfo	10, 11:0, 11
platform	packages/apps/Settings	11, *, 10

Timeline

Dec 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-12-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/b76141eb2bace631aabe4c6b55630e7b219044b1 patch
https://android.googlesource.com/platform/packages/apps/EmergencyInfo/+/5981e18eb50c54088dc29f8a1e1dc8efdd4bb887 patch

Open in Interactive Console →