CVE-2022-20448

Name of the Vulnerable Software and Affected Versions Android-10 Android-11 Android-12 Android-12L Android-13

Description A permissions bypass in the buzzBeepBlinkLocked() function of NotificationManagerService.java allows for the sharing of data across users. This issue can lead to a local escalation of privilege without requiring additional execution privileges or user interaction. Specifically, a missing user check may allow a screen reader to leak private notifications from another user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.