VDB
ASB-A-228178437
ASB-A-228178437
PUBLISHED
CVSS 6.900000095367432 MEDIUM
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS v4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | frameworks/base | 10, 12, 11 |
| platform | packages/apps/Car/Settings | 12L:0, 12L, 12L:0 |
| platform | packages/apps/Settings | 12, 10:0, 10 |
| platform | packages/services/Car | 10, 11, * |
Timeline
- Aug 1, 2022 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2022-08-01 advisory
- https://android.googlesource.com/platform/packages/apps/Settings/+/9d7b4f0fa2100721a5dc00e8fdd1be712b9bbbea patch
- https://android.googlesource.com/platform/frameworks/base/+/acc83ab08d46755512ceb38d7fc521b2491d6bfb patch
- https://android.googlesource.com/platform/packages/apps/Settings/+/ff341956043c26cf241fe3529b3d4dbef2e6b2e8 patch
- https://android.googlesource.com/platform/frameworks/base/+/735bcf8cf7a73937eb03ba9474d62ce0498ac64a patch
- https://android.googlesource.com/platform/packages/apps/Car/Settings/+/dcb9c5fb699682ecabce52d569ab8af78e1bb966 patch