In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1362.0, "function_hash": "293592115087675525965099928377831645388" }, "id": "ASB-A-294105066-4d805519", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java", "function": "shouldRestrictOverlayActivities" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "132320200496910416633144091387043070799", "9222264376772789956722737820518927664", "39510485349635931364974729363780694415", "105403762334205416195417938083360044750", "181287731695673520138842956822233905586", "174713173314741838000960625363681242208", "183049458506848410960649018406972328386", "72075619583929205928583179512331277472", "190591185431082954046842447426409791922", "100052405192186497741302472074187627355" ] }, "id": "ASB-A-294105066-bcee7e53", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f" ], "spl": "2025-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "24391601699875178468681340548252595920", "9222264376772789956722737820518927664", "39510485349635931364974729363780694415", "105403762334205416195417938083360044750", "181287731695673520138842956822233905586", "32776859473314783020600580527272918548", "268287025647145217601171883020346811649", "298008157779326890226920484526372729606", "193635173819899355219600486103369665717", "21543297871747000018628982777714197655" ] }, "id": "ASB-A-294105066-463eca58", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "length": 447.0, "function_hash": "327865267837982666497546201968089274906" }, "id": "ASB-A-294105066-743ecccb", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java", "function": "resolveActivity" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0" ], "spl": "2025-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "24391601699875178468681340548252595920", "9222264376772789956722737820518927664", "39510485349635931364974729363780694415", "105403762334205416195417938083360044750", "181287731695673520138842956822233905586", "32776859473314783020600580527272918548", "268287025647145217601171883020346811649", "298008157779326890226920484526372729606", "193635173819899355219600486103369665717", "21543297871747000018628982777714197655" ] }, "id": "ASB-A-294105066-cc515bae", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263", "deprecated": false, "signature_version": "v1", "target": { "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java" }, "signature_type": "Line" }, { "match_only_versions": [ "14" ], "digest": { "length": 447.0, "function_hash": "327865267837982666497546201968089274906" }, "id": "ASB-A-294105066-ef20f456", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263", "deprecated": false, "signature_version": "v1", "target": { "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java", "function": "resolveActivity" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263" ], "spl": "2025-05-01", "severity": "High", "types": [ "EoP" ] }