CVE-2022-20470
HIGHAndroid - Local Privilege Escalation via AppWidgetServiceImpl Input Validation Bypass
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-20470. PoCs published by Trinadh465.
AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-20470, targeting Android's Autofill framework. The code includes test cases and a custom Autofill service to demonstrate the vulnerability, which involves improper handling of Autofill callbacks leading to potential denial-of-service (DoS) or performance degradation.
Description
In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234013191
Exploits (1)
This repository contains a proof-of-concept exploit for CVE-2022-20470, targeting Android's Autofill framework. The code includes test cases and a custom Autofill service to demonstrate the vulnerability, which involves improper handling of Autofill callbacks leading to potential denial-of-service (DoS) or performance degradation.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H