ASB-A-266433089

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-266433089.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-266433089
Aliases
  • A-266433089
  • CVE-2025-48621
Published
2025-12-01T00:00:00Z
Modified
2026-01-23T16:22:00.749434Z
Summary
[none]
Details

In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2-next:0
Fixed
16-qpr2-next:2025-12-01

Affected versions

Other

16-qpr2-next

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/34f7093f864616059caad72366409ab1b4792675"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/34f7093f864616059caad72366409ab1b4792675",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "102376982044160493164054560424829740992",
                    "66499418353376395208915744637021515921",
                    "130252057911911557120901590373891803764",
                    "290301398973385244038766360757378904818"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-3a792091",
            "target": {
                "file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2-next:0
Fixed
16-qpr2-next:2025-12-01

Affected versions

Other

16-qpr2-next

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/626f4201c51f294dbf1dd37034aa8bd2cd549826"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/626f4201c51f294dbf1dd37034aa8bd2cd549826",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "5394850696851107489683868258220425241",
                    "118260498044634936657883368239434792272",
                    "111512741543011694653014009302648536530"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-00e74b31",
            "target": {
                "file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-12-01

Affected versions

Other

15

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1d37fc960d93d216e151d74662ccc5d53fd68978"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1d37fc960d93d216e151d74662ccc5d53fd68978",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "248856889590144885621918607836282539025",
                    "144531626938778448552179873240849072977",
                    "106039877743107897291918924499970282509",
                    "188457292567742801376067883879181012870"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-7562e2de",
            "target": {
                "file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-12-01

Affected versions

Other

15

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/a1c211a49aff429e54e9d0f41649ab18c1b4e22d"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/a1c211a49aff429e54e9d0f41649ab18c1b4e22d",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "154201780020139837239759456663197568923",
                    "307574667483685234664799342826226447129",
                    "111512741543011694653014009302648536530"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-863a7e80",
            "target": {
                "file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/a1c211a49aff429e54e9d0f41649ab18c1b4e22d",
            "deprecated": false,
            "digest": {
                "length": 1841.0,
                "function_hash": "293883125124188735835403008805557989755"
            },
            "signature_type": "Function",
            "id": "ASB-A-266433089-fa767d19",
            "target": {
                "function": "InputDispatcher::canWindowReceiveMotionLocked",
                "file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-12-01

Affected versions

Other

16

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/71d67882398e9a28c268e19d5a5d66ff7632c4ed"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/71d67882398e9a28c268e19d5a5d66ff7632c4ed",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "248856889590144885621918607836282539025",
                    "170601685298913636518152436052267910966",
                    "130252057911911557120901590373891803764",
                    "290301398973385244038766360757378904818"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-6f7088c2",
            "target": {
                "file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-12-01

Affected versions

Other

16

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/61b3b73116cb7fc760683db1d02e6466522aacbf"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/61b3b73116cb7fc760683db1d02e6466522aacbf",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "5394850696851107489683868258220425241",
                    "118260498044634936657883368239434792272",
                    "111512741543011694653014009302648536530"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-5dc813ca",
            "target": {
                "file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-12-01

Affected versions

Other

13

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1e9412266ede59c046b83ad3a3fbfcaba94a1787"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1e9412266ede59c046b83ad3a3fbfcaba94a1787",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "248856889590144885621918607836282539025",
                    "44536510841965663279992936573567125690",
                    "5614311063228002728842156457546024868",
                    "286505572372986416403478625591453334143"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-bf2b2d08",
            "target": {
                "file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-12-01

Affected versions

Other

13

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/9f65d0158f853ca4571a7af155969f0081d79a49"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/9f65d0158f853ca4571a7af155969f0081d79a49",
            "deprecated": false,
            "digest": {
                "length": 11604.0,
                "function_hash": "55669835188213314027306847272836052850"
            },
            "signature_type": "Function",
            "id": "ASB-A-266433089-44b6301a",
            "target": {
                "function": "InputDispatcher::findTouchedWindowTargetsLocked",
                "file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/9f65d0158f853ca4571a7af155969f0081d79a49",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "108905384051329200733903586878036295580",
                    "177927706532921712772368279218975722500",
                    "216405314139094600963822921191872050443",
                    "219664331880740055396330504946416842747"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-c6b4d22f",
            "target": {
                "file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-12-01

Affected versions

Other

14

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0f849cfc111ebb8324bdf11039b4a5dc998feefa"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0f849cfc111ebb8324bdf11039b4a5dc998feefa",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "248856889590144885621918607836282539025",
                    "144531626938778448552179873240849072977",
                    "106039877743107897291918924499970282509",
                    "188457292567742801376067883879181012870"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-eaff47c8",
            "target": {
                "file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"

platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-12-01

Affected versions

Other

14

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/3c01b64e016060ce736a893922aec1f2ebca2995"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/3c01b64e016060ce736a893922aec1f2ebca2995",
            "deprecated": false,
            "digest": {
                "length": 1546.0,
                "function_hash": "75330836211644953868411228713032159909"
            },
            "signature_type": "Function",
            "id": "ASB-A-266433089-39d8b960",
            "target": {
                "function": "InputDispatcher::canWindowReceiveMotionLocked",
                "file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/3c01b64e016060ce736a893922aec1f2ebca2995",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "154201780020139837239759456663197568923",
                    "307574667483685234664799342826226447129",
                    "111512741543011694653014009302648536530"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-266433089-e28b9735",
            "target": {
                "file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
            }
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-12-01"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-266433089.json"