CVE-2022-20217

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version

Description The issue is related to the SprdContactsProvider component in the Android Telephony system, which has weaknesses in its authorization mechanism. This could allow a remote attacker to gain unauthorized access to protected information by deleting fixed dialing numbers (FDN) contacts. A third-party app could exploit this issue.

Recommendations For Android versions prior to the fixed version, consider restricting access to the SprdContactsProvider component to minimize the risk of exploitation. As a temporary workaround, avoid using the SprdContactsProvider until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.