CVE-2022-20192

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version

Description The issue is related to a permissions bypass in the grantEmbeddedWindowFocus function of WindowManagerService.java. This could allow an attacker to change an input channel for embedded hierarchy, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions prior to the fixed version, consider restricting access to the grantEmbeddedWindowFocus function of WindowManagerService.java to minimize the risk of exploitation. As a temporary workaround, avoid using the embedded hierarchy input channel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.