ASB-A-208817618 — Vulnetix

ASB-A-208817618 PUBLISHED

In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/services/Telephony	12:0, 12, 12L:0

Timeline

Mar 1, 2022 CVE Published
May 7, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-03-01 advisory
https://android.googlesource.com/platform/packages/services/Telephony/+/7c9b65a4de4540a50a16781e9f55857544453bc2 patch

Open in Interactive Console →