PT-2022-14618 · Google · Android

Published: 2022-09-01 · Updated: 2022-09-17 · CVE-2022-20392

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions Android-10 through Android-12L

Description

The issue is related to improper input validation in the declareDuplicatePermission function of ParsedPermissionUtils.java. This could allow an attacker to obtain a dangerous permission without user consent, potentially leading to local escalation of privilege during app installation or upgrade. No additional execution privileges are needed, and user interaction is not required for exploitation.

Recommendations

For Android versions Android-10 through Android-12L, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

ASB-A-213323615
CVE-2022-20392

Affected Products

Android