ASB-A-191743558
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-191743558.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-191743558
- Aliases
-
- A-191743558
- CVE-2025-26444
- Published
- 2025-05-01T00:00:00Z
- Modified
- 2025-05-05T15:27:57Z
- Summary
- [none]
- Details
-
In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"15-next"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"18821684757254926990280607860008172982",
"139840966649269522791898285785452267293",
"315092234019680884537506538565341346552",
"58020125161028357005057974212387437290",
"244358793272881065876483478741034219616",
"307021397261644951731153291077143973674",
"67399807452128116897124434211020171075",
"139188645249593050666559919697204848365",
"165593933992750819914297179073838435459",
"256478532399098418144991520562724342281",
"59478226001948527677859696019854527681",
"247859164057496948849173274743867921787",
"18585359427606112274547513649901710219",
"54367012940565072129042490789229908909",
"138295755771195710684676945852734259432",
"300496516844411826331410127420122381880",
"195688497058848058146876816582140362089",
"66866868743865279036580801803109303054",
"288350266245498398950420668425189977547",
"264622059756258503130654309248837387376"
]
},
"id": "ASB-A-191743558-411355af",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/ba9625e664c76943448ce5b7d97e3b381e71710d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"15-next"
],
"digest": {
"length": 1421.0,
"function_hash": "138110207219768810180559304153366495464"
},
"id": "ASB-A-191743558-ea5e5e37",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/ba9625e664c76943448ce5b7d97e3b381e71710d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
"function": "onHandleForceStop"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/ba9625e664c76943448ce5b7d97e3b381e71710d"
],
"spl": "2025-05-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"13"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"18821684757254926990280607860008172982",
"139840966649269522791898285785452267293",
"315092234019680884537506538565341346552",
"58020125161028357005057974212387437290",
"244358793272881065876483478741034219616",
"307021397261644951731153291077143973674",
"67399807452128116897124434211020171075",
"139188645249593050666559919697204848365",
"165593933992750819914297179073838435459",
"256478532399098418144991520562724342281",
"59478226001948527677859696019854527681",
"247859164057496948849173274743867921787",
"18585359427606112274547513649901710219",
"54367012940565072129042490789229908909",
"138295755771195710684676945852734259432",
"300496516844411826331410127420122381880",
"195688497058848058146876816582140362089",
"66866868743865279036580801803109303054",
"288350266245498398950420668425189977547",
"264622059756258503130654309248837387376"
]
},
"id": "ASB-A-191743558-47c48428",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/1ca358e20d17bf676223620be2d532c2d2619d1d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"13"
],
"digest": {
"length": 1421.0,
"function_hash": "138110207219768810180559304153366495464"
},
"id": "ASB-A-191743558-feb95b86",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/1ca358e20d17bf676223620be2d532c2d2619d1d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
"function": "onHandleForceStop"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1ca358e20d17bf676223620be2d532c2d2619d1d"
],
"spl": "2025-05-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"14"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"18821684757254926990280607860008172982",
"139840966649269522791898285785452267293",
"315092234019680884537506538565341346552",
"58020125161028357005057974212387437290",
"244358793272881065876483478741034219616",
"307021397261644951731153291077143973674",
"67399807452128116897124434211020171075",
"139188645249593050666559919697204848365",
"165593933992750819914297179073838435459",
"256478532399098418144991520562724342281",
"59478226001948527677859696019854527681",
"247859164057496948849173274743867921787",
"18585359427606112274547513649901710219",
"54367012940565072129042490789229908909",
"138295755771195710684676945852734259432",
"300496516844411826331410127420122381880",
"195688497058848058146876816582140362089",
"66866868743865279036580801803109303054",
"288350266245498398950420668425189977547",
"264622059756258503130654309248837387376"
]
},
"id": "ASB-A-191743558-2b23fd31",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/9544903ba880ae7acd8096d1a9c3b48965429339",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"14"
],
"digest": {
"length": 1421.0,
"function_hash": "138110207219768810180559304153366495464"
},
"id": "ASB-A-191743558-7a5451b0",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/9544903ba880ae7acd8096d1a9c3b48965429339",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
"function": "onHandleForceStop"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/9544903ba880ae7acd8096d1a9c3b48965429339"
],
"spl": "2025-05-01",
"severity": "High",
"types": [
"EoP"
]
}