ASB-A-228450811 — Vulnetix

ASB-A-228450811 PUBLISHED

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	10:0, 12L:0, 12L

Timeline

Aug 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-08-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/01b6a6222e5e8cf59e317f4f52df71308bfb8bc5 patch
https://android.googlesource.com/platform/packages/apps/Settings/+/205752dcf2062eb3deeb7f3b7d1eb8af7d8b2634 patch

Open in Interactive Console →