ASB-A-277207798

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-277207798.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-277207798
Aliases
  • A-277207798
  • CVE-2025-22416
Published
2025-04-01T00:00:00Z
Modified
2025-10-27T15:26:11.562129Z
Summary
[none]
Details

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-04-01

Affected versions

Other

15-next

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/bad47a2280c7107e1213f4adc5a3825a62698d00"
    ],
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bad47a2280c7107e1213f4adc5a3825a62698d00",
            "id": "ASB-A-277207798-7bfb99a2",
            "deprecated": false,
            "target": {
                "file": "core/java/com/android/internal/app/ChooserActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253726217667786760008791040528132999656",
                    "228422336533060252731829592399006004338",
                    "335424932981330831523731482027422461698",
                    "45605471419092542802268726131796893831",
                    "231196650600773283353027740648307444990",
                    "13750646095156668772480085108097034858",
                    "46688699789534617252032762653797350857",
                    "76484926273318022941110547313781106396",
                    "319801971747590014370831222802487791519",
                    "225167580596828937992821877251436851634",
                    "130607908879052246674719283887525476671",
                    "153132771818589155319113541875463098830",
                    "99776271114638537866965957305766270641",
                    "205008932327429738391762413441071538873",
                    "290436820296095206163711891884675157053",
                    "107881527603548020291656350860705051943",
                    "76647954778615471049259555882753692194",
                    "80810554446883258785855333051732088581",
                    "338282417515360549291114073952096767125",
                    "194786844876987425545005515131039931828",
                    "260328569219012495242470606039928699047",
                    "13631907288037037077954071872415923239",
                    "75662308371422950237069767970774920254"
                ]
            },
            "signature_type": "Line"
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bad47a2280c7107e1213f4adc5a3825a62698d00",
            "id": "ASB-A-277207798-d9229806",
            "deprecated": false,
            "target": {
                "function": "onCreate",
                "file": "core/java/com/android/internal/app/ChooserActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "length": 6244.0,
                "function_hash": "336671546719732193332363639853093470883"
            },
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "spl": "2025-04-01"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-04-01

Affected versions

Other

15

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/c108d3866a3e6b1d7780325d862f20450a36d573"
    ],
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c108d3866a3e6b1d7780325d862f20450a36d573",
            "id": "ASB-A-277207798-8a716ff5",
            "deprecated": false,
            "target": {
                "file": "core/java/com/android/internal/app/ChooserActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253726217667786760008791040528132999656",
                    "228422336533060252731829592399006004338",
                    "335424932981330831523731482027422461698",
                    "45605471419092542802268726131796893831",
                    "231196650600773283353027740648307444990",
                    "13750646095156668772480085108097034858",
                    "46688699789534617252032762653797350857",
                    "76484926273318022941110547313781106396",
                    "319801971747590014370831222802487791519",
                    "225167580596828937992821877251436851634",
                    "130607908879052246674719283887525476671",
                    "153132771818589155319113541875463098830",
                    "99776271114638537866965957305766270641",
                    "205008932327429738391762413441071538873",
                    "290436820296095206163711891884675157053",
                    "107881527603548020291656350860705051943",
                    "76647954778615471049259555882753692194",
                    "80810554446883258785855333051732088581",
                    "338282417515360549291114073952096767125",
                    "194786844876987425545005515131039931828",
                    "260328569219012495242470606039928699047",
                    "13631907288037037077954071872415923239",
                    "75662308371422950237069767970774920254"
                ]
            },
            "signature_type": "Line"
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c108d3866a3e6b1d7780325d862f20450a36d573",
            "id": "ASB-A-277207798-a30cbc47",
            "deprecated": false,
            "target": {
                "function": "onCreate",
                "file": "core/java/com/android/internal/app/ChooserActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "length": 6002.0,
                "function_hash": "258799873586369524372392063352180921580"
            },
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "spl": "2025-04-01"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-04-01

Affected versions

Other

13

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e73bb60fed12daa78ddad8308b31b0c78f1c3c66"
    ],
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e73bb60fed12daa78ddad8308b31b0c78f1c3c66",
            "id": "ASB-A-277207798-474c274f",
            "deprecated": false,
            "target": {
                "file": "core/java/com/android/internal/app/ChooserActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "41390077426975099314374087252517731925",
                    "45681176917284083586723022694067938350",
                    "333957807868229023926107419401633699128",
                    "102431590296808685158151479537038954109",
                    "26172496286527130508864160995380617790",
                    "319801971747590014370831222802487791519",
                    "225167580596828937992821877251436851634",
                    "130607908879052246674719283887525476671",
                    "153132771818589155319113541875463098830",
                    "99776271114638537866965957305766270641",
                    "205008932327429738391762413441071538873",
                    "290436820296095206163711891884675157053",
                    "107881527603548020291656350860705051943",
                    "76647954778615471049259555882753692194",
                    "80810554446883258785855333051732088581",
                    "338282417515360549291114073952096767125",
                    "194786844876987425545005515131039931828",
                    "260328569219012495242470606039928699047",
                    "13631907288037037077954071872415923239",
                    "75662308371422950237069767970774920254"
                ]
            },
            "signature_type": "Line"
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e73bb60fed12daa78ddad8308b31b0c78f1c3c66",
            "id": "ASB-A-277207798-ee415272",
            "deprecated": false,
            "target": {
                "function": "onCreate",
                "file": "core/java/com/android/internal/app/ChooserActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "length": 6212.0,
                "function_hash": "175854063412095478767692237294382957975"
            },
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "spl": "2025-04-01"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-04-01

Affected versions

Other

14

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/bad47a2280c7107e1213f4adc5a3825a62698d00"
    ],
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bad47a2280c7107e1213f4adc5a3825a62698d00",
            "id": "ASB-A-277207798-1a5b2f62",
            "deprecated": false,
            "target": {
                "file": "core/java/com/android/internal/app/ChooserActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253726217667786760008791040528132999656",
                    "228422336533060252731829592399006004338",
                    "335424932981330831523731482027422461698",
                    "45605471419092542802268726131796893831",
                    "231196650600773283353027740648307444990",
                    "13750646095156668772480085108097034858",
                    "46688699789534617252032762653797350857",
                    "76484926273318022941110547313781106396",
                    "319801971747590014370831222802487791519",
                    "225167580596828937992821877251436851634",
                    "130607908879052246674719283887525476671",
                    "153132771818589155319113541875463098830",
                    "99776271114638537866965957305766270641",
                    "205008932327429738391762413441071538873",
                    "290436820296095206163711891884675157053",
                    "107881527603548020291656350860705051943",
                    "76647954778615471049259555882753692194",
                    "80810554446883258785855333051732088581",
                    "338282417515360549291114073952096767125",
                    "194786844876987425545005515131039931828",
                    "260328569219012495242470606039928699047",
                    "13631907288037037077954071872415923239",
                    "75662308371422950237069767970774920254"
                ]
            },
            "signature_type": "Line"
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bad47a2280c7107e1213f4adc5a3825a62698d00",
            "id": "ASB-A-277207798-a54d35e8",
            "deprecated": false,
            "target": {
                "function": "onCreate",
                "file": "core/java/com/android/internal/app/ChooserActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "length": 6244.0,
                "function_hash": "336671546719732193332363639853093470883"
            },
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "spl": "2025-04-01"
}