CVE-2022-20352

Name of the Vulnerable Software and Affected Versions Android versions Android-12 through Android-12L

Description A local information disclosure issue exists due to a missing permission check in the addProviderRequestListener method of LocationManagerService.java. This allows an attacker to learn which packages request location information without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations For Android versions Android-12 through Android-12L, consider restricting access to location information until a patch is available. As a temporary workaround, review and limit the packages that can request location data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.