CVE-2022-20458 Information

Description

The logs of sensitive information (PII) or hardware identifier should only be printed in Android �serdebug\ or ng\ build. StatusBarNotification.getKey() could contain sensitive information. However CarNotificationListener.java it prints out the StatusBarNotification.getKey() directly in logs which could contain user’s account name (i.e. PII) in Android �ser\ build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776

Reference

https://source.android.com/security/bulletin/aaos/2023-01-01