Login Sign Up

CVE-2022-20004

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to access any slice URI on Android devices due to improper input validation in the SliceManagerService. It enables local privilege escalation without requiring user interaction or additional execution privileges. Affects Android 10 through 12L devices.

💻 Affected Systems

Products:
  • Android
Versions: Android 10 through Android 12L
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices running affected versions are vulnerable by default. Requires local access to exploit.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to access sensitive app data, modify system settings, or install malicious apps with elevated privileges.

🟠

Likely Case

Unauthorized access to sensitive slice data from other apps, potentially exposing personal information or allowing manipulation of app functionality.

🟢

If Mitigated

Limited impact if device is patched or has strict app isolation policies enforced.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring physical or remote code execution access first.
🏢 Internal Only: HIGH - Once an attacker gains initial access to the device, this vulnerability enables significant privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the device. No user interaction needed once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin May 2022 patches

Vendor Advisory: https://source.android.com/security/bulletin/2022-05-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install the May 2022 security patch or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable unnecessary slice providers

android

Reduce attack surface by disabling slice providers for non-essential apps

Restrict app installations

android

Only install apps from trusted sources like Google Play Store

🧯 If You Can't Patch

  • Isolate vulnerable devices from sensitive networks and data
  • Implement strict app control policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 10, 11, 12, or 12L without May 2022 patches, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release

Verify Fix Applied:

Verify Android Security Patch Level in Settings > About phone shows May 2022 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unusual slice access patterns in system logs
  • Multiple failed slice permission checks followed by successful access

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for typical enterprise SIEM as this is local device vulnerability

📊 Metadata

CVE ID: CVE-2022-20004
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-862
Published: May 10, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-20004, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)