CVE-2022-20011

Name: CVE-2022-20011
Description: In getArray of NotificationManagerService.java, there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-214999128
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| android-platform-frameworks-base (PTS) | stretch | 1:7.0.0+r33-1 | vulnerable |
| | buster | 1:8.1.0+r23-3 | vulnerable |
| | bookworm, bullseye | 1:10.0.0+r36-3 | vulnerable |
| | sid | 1:10.0.0+r36-5 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| android-platform-frameworks-base | source | (unstable) | (unfixed) | unimportant | | |

Notes

https://source.android.com/security/bulletin/2022-05-01
https://android.googlesource.com/platform/frameworks/base/+/f315ba91df3829d862371fbab9da584ce0a59bc6
Not accessible in Debian builds; no security impact for Android as provided in Debian.
