ASB-A-228314987 — Vulnetix

ASB-A-228314987 PUBLISHED

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	10:0, 10, 11:0

Exploit Intelligence

726232111/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360 (github-poc)

Timeline

Aug 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-08-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/645407c8e603337aee6882fc49c44f49bc5707a6 patch
https://android.googlesource.com/platform/packages/apps/Settings/+/2290b0af8cb4b640709fa904f73ce3e69208f872 patch

Open in Interactive Console →