| Name | CVE-2022-20011 |
| Description | In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128 |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| android-platform-frameworks-base (PTS) | jessie | 21-2 | vulnerable |
| stretch | 1:7.0.0+r33-1 | vulnerable |
| buster | 1:8.1.0+r23-3 | vulnerable |
| bullseye | 1:10.0.0+r36-3 | vulnerable |
| bookworm | 1:10.0.0+r36-10 | vulnerable |
| sid | 1:14~beta1-2 | vulnerable |
The information below is based on the following data on fixed versions.
Notes
https://source.android.com/security/bulletin/2022-05-01
https://android.googlesource.com/platform/frameworks/base/+/f315ba91df3829d862371fbab9da584ce0a59bc6
Not accessible in Debian builds, No security impact for Android as provided in Debian