ASB-A-191743558

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-191743558.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-191743558

Aliases

A-191743558
CVE-2025-26444

Published

2025-05-01T00:00:00Z

Modified

2026-03-09T15:09:45.114269Z

Summary

[none]

Details

In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15-next:0

Fixed

15-next:2025-05-01

Affected versions

Other

15-next

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ba9625e664c76943448ce5b7d97e3b381e71710d"
    ],
    "spl": "2025-05-01",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ba9625e664c76943448ce5b7d97e3b381e71710d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-191743558-411355af",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18821684757254926990280607860008172982",
                    "139840966649269522791898285785452267293",
                    "315092234019680884537506538565341346552",
                    "58020125161028357005057974212387437290",
                    "244358793272881065876483478741034219616",
                    "307021397261644951731153291077143973674",
                    "67399807452128116897124434211020171075",
                    "139188645249593050666559919697204848365",
                    "165593933992750819914297179073838435459",
                    "256478532399098418144991520562724342281",
                    "59478226001948527677859696019854527681",
                    "247859164057496948849173274743867921787",
                    "18585359427606112274547513649901710219",
                    "54367012940565072129042490789229908909",
                    "138295755771195710684676945852734259432",
                    "300496516844411826331410127420122381880",
                    "195688497058848058146876816582140362089",
                    "66866868743865279036580801803109303054",
                    "288350266245498398950420668425189977547",
                    "264622059756258503130654309248837387376"
                ]
            },
            "signature_type": "Line",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java"
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ba9625e664c76943448ce5b7d97e3b381e71710d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-191743558-ea5e5e37",
            "digest": {
                "length": 1421.0,
                "function_hash": "138110207219768810180559304153366495464"
            },
            "signature_type": "Function",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "onHandleForceStop"
            }
        }
    ],
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-191743558.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2025-05-01

Affected versions

Other

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1ca358e20d17bf676223620be2d532c2d2619d1d"
    ],
    "spl": "2025-05-01",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1ca358e20d17bf676223620be2d532c2d2619d1d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-191743558-47c48428",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18821684757254926990280607860008172982",
                    "139840966649269522791898285785452267293",
                    "315092234019680884537506538565341346552",
                    "58020125161028357005057974212387437290",
                    "244358793272881065876483478741034219616",
                    "307021397261644951731153291077143973674",
                    "67399807452128116897124434211020171075",
                    "139188645249593050666559919697204848365",
                    "165593933992750819914297179073838435459",
                    "256478532399098418144991520562724342281",
                    "59478226001948527677859696019854527681",
                    "247859164057496948849173274743867921787",
                    "18585359427606112274547513649901710219",
                    "54367012940565072129042490789229908909",
                    "138295755771195710684676945852734259432",
                    "300496516844411826331410127420122381880",
                    "195688497058848058146876816582140362089",
                    "66866868743865279036580801803109303054",
                    "288350266245498398950420668425189977547",
                    "264622059756258503130654309248837387376"
                ]
            },
            "signature_type": "Line",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java"
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1ca358e20d17bf676223620be2d532c2d2619d1d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-191743558-feb95b86",
            "digest": {
                "length": 1421.0,
                "function_hash": "138110207219768810180559304153366495464"
            },
            "signature_type": "Function",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "onHandleForceStop"
            }
        }
    ],
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-191743558.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14:0

Fixed

14:2025-05-01

Affected versions

Other

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/9544903ba880ae7acd8096d1a9c3b48965429339"
    ],
    "spl": "2025-05-01",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9544903ba880ae7acd8096d1a9c3b48965429339",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-191743558-2b23fd31",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18821684757254926990280607860008172982",
                    "139840966649269522791898285785452267293",
                    "315092234019680884537506538565341346552",
                    "58020125161028357005057974212387437290",
                    "244358793272881065876483478741034219616",
                    "307021397261644951731153291077143973674",
                    "67399807452128116897124434211020171075",
                    "139188645249593050666559919697204848365",
                    "165593933992750819914297179073838435459",
                    "256478532399098418144991520562724342281",
                    "59478226001948527677859696019854527681",
                    "247859164057496948849173274743867921787",
                    "18585359427606112274547513649901710219",
                    "54367012940565072129042490789229908909",
                    "138295755771195710684676945852734259432",
                    "300496516844411826331410127420122381880",
                    "195688497058848058146876816582140362089",
                    "66866868743865279036580801803109303054",
                    "288350266245498398950420668425189977547",
                    "264622059756258503130654309248837387376"
                ]
            },
            "signature_type": "Line",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java"
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9544903ba880ae7acd8096d1a9c3b48965429339",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-191743558-7a5451b0",
            "digest": {
                "length": 1421.0,
                "function_hash": "138110207219768810180559304153366495464"
            },
            "signature_type": "Function",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "onHandleForceStop"
            }
        }
    ],
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-191743558.json"