ASB-A-234013191 — Vulnetix

ASB-A-234013191 PUBLISHED

In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/base	10:0, 10, 11:0

Exploit Intelligence

Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20470 (github-poc)

Timeline

Dec 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-12-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/263d7d0ba8818c471a27938c4e002bae33569f01 patch

Open in Interactive Console →