ASB-A-299928772
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-299928772.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-299928772
- Aliases
-
- A-299928772
- CVE-2025-26454
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2025-09-02T14:59:13.694122Z
- Summary
- [none]
- Details
-
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/apps/ManagedProvisioning
Package
Ecosystem specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1074.0,
"function_hash": "231057428299935066010462679043020374650"
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java",
"function": "parse"
},
"id": "ASB-A-299928772-3cdf238b",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/5d67902f6a7498d016ee588d6c00710fb2d3ab98"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 653.0,
"function_hash": "56599041486791653158793025001489753610"
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java",
"function": "validateUriSchemeAndPermission"
},
"id": "ASB-A-299928772-6a2fde73",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/5fe27956963c7217f4a46fbaf71e85581c15c75a"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"306353843303387726355702498487522491806",
"293498699814438832855307943324029119172",
"52347117056467634937466565239980812129",
"317986142681612487123999013690798250036",
"327975719628763653270566257269120350826",
"34562292136139495781506846405139358342",
"16525222622058043237713080879020575932",
"283768496119523766778365567182334773978",
"56182407057193638623905102244902259459",
"34971562934224812121250361817658781275",
"297763360091902644022462049249290273389",
"253119710022849656328639361282829451051",
"145221666184869082582395448278050551790"
]
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java"
},
"id": "ASB-A-299928772-cd4aadeb",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/5fe27956963c7217f4a46fbaf71e85581c15c75a"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"21661374069910691696246148390452862549",
"168741972324412423054354703684407506159",
"289765908165413668509698509014490311459",
"265243392760694816224576526233570226393",
"40946140428739609848883109067537673393",
"70614530991709411807346231526898929961",
"320044701215734489085580280834184385095",
"182141923972420208967496091292371661973",
"237401992792594335746782023988038365848",
"305149881990112707825353692424671166181",
"33252221387156391046735923317394712199",
"160741497903630865216457377289265000805",
"264205345572203832760214993700416326663",
"59442247465558751868549629724754877861",
"242472957651837251870355421103073761720",
"13121978087997160257044866359009811297",
"246712920164809675401155579979002862656",
"180701290375588681121323057983220566313",
"238406775196507920004164357023990191921",
"241732665644526005067251578153060441424"
]
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java"
},
"id": "ASB-A-299928772-d23e4f1d",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/5d67902f6a7498d016ee588d6c00710fb2d3ab98"
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/5d67902f6a7498d016ee588d6c00710fb2d3ab98",
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/5fe27956963c7217f4a46fbaf71e85581c15c75a"
],
"spl": "2025-09-01"
}
Android / platform/packages/apps/ManagedProvisioning
Package
Ecosystem specific
{
"vanir_signatures": [
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"21661374069910691696246148390452862549",
"168741972324412423054354703684407506159",
"289765908165413668509698509014490311459",
"265243392760694816224576526233570226393",
"40946140428739609848883109067537673393",
"70614530991709411807346231526898929961",
"320044701215734489085580280834184385095",
"182141923972420208967496091292371661973",
"237401992792594335746782023988038365848",
"305149881990112707825353692424671166181",
"33252221387156391046735923317394712199",
"160741497903630865216457377289265000805",
"264205345572203832760214993700416326663",
"59442247465558751868549629724754877861",
"242472957651837251870355421103073761720",
"13121978087997160257044866359009811297",
"246712920164809675401155579979002862656",
"180701290375588681121323057983220566313",
"238406775196507920004164357023990191921",
"241732665644526005067251578153060441424"
]
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java"
},
"id": "ASB-A-299928772-1de1d32b",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/68ff8bc959c104f1803e8b5e04ee180aaa542992"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"306353843303387726355702498487522491806",
"293498699814438832855307943324029119172",
"52347117056467634937466565239980812129",
"317986142681612487123999013690798250036",
"327975719628763653270566257269120350826",
"34562292136139495781506846405139358342",
"16525222622058043237713080879020575932",
"283768496119523766778365567182334773978",
"56182407057193638623905102244902259459",
"34971562934224812121250361817658781275",
"297763360091902644022462049249290273389",
"253119710022849656328639361282829451051",
"145221666184869082582395448278050551790"
]
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java"
},
"id": "ASB-A-299928772-68ae0b45",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/6a2985fac238dddabe35515aab92d79eef28f0c5"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 653.0,
"function_hash": "56599041486791653158793025001489753610"
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java",
"function": "validateUriSchemeAndPermission"
},
"id": "ASB-A-299928772-7f5960eb",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/6a2985fac238dddabe35515aab92d79eef28f0c5"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1074.0,
"function_hash": "231057428299935066010462679043020374650"
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java",
"function": "parse"
},
"id": "ASB-A-299928772-e4f363d1",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/68ff8bc959c104f1803e8b5e04ee180aaa542992"
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/68ff8bc959c104f1803e8b5e04ee180aaa542992",
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/6a2985fac238dddabe35515aab92d79eef28f0c5"
],
"spl": "2025-09-01"
}
Android / platform/packages/apps/ManagedProvisioning
Package
Ecosystem specific
{
"vanir_signatures": [
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"21661374069910691696246148390452862549",
"168741972324412423054354703684407506159",
"289765908165413668509698509014490311459",
"265243392760694816224576526233570226393",
"40946140428739609848883109067537673393",
"70614530991709411807346231526898929961",
"320044701215734489085580280834184385095",
"182141923972420208967496091292371661973",
"237401992792594335746782023988038365848",
"305149881990112707825353692424671166181",
"33252221387156391046735923317394712199",
"160741497903630865216457377289265000805",
"264205345572203832760214993700416326663",
"59442247465558751868549629724754877861",
"242472957651837251870355421103073761720",
"13121978087997160257044866359009811297",
"246712920164809675401155579979002862656",
"180701290375588681121323057983220566313",
"238406775196507920004164357023990191921",
"241732665644526005067251578153060441424"
]
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java"
},
"id": "ASB-A-299928772-63cb3e84",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/b0946f908c9a23f576cf14a7596c2ffb6ca3ba96"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"306353843303387726355702498487522491806",
"293498699814438832855307943324029119172",
"52347117056467634937466565239980812129",
"317986142681612487123999013690798250036",
"327975719628763653270566257269120350826",
"34562292136139495781506846405139358342",
"16525222622058043237713080879020575932",
"283768496119523766778365567182334773978",
"56182407057193638623905102244902259459",
"34971562934224812121250361817658781275",
"297763360091902644022462049249290273389",
"253119710022849656328639361282829451051",
"145221666184869082582395448278050551790"
]
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java"
},
"id": "ASB-A-299928772-692dbd55",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/d2e6c41b2936d4775e6e27801c02820378c4b2e6"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 653.0,
"function_hash": "56599041486791653158793025001489753610"
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java",
"function": "validateUriSchemeAndPermission"
},
"id": "ASB-A-299928772-717900a3",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/d2e6c41b2936d4775e6e27801c02820378c4b2e6"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1074.0,
"function_hash": "231057428299935066010462679043020374650"
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java",
"function": "parse"
},
"id": "ASB-A-299928772-9fa164db",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/b0946f908c9a23f576cf14a7596c2ffb6ca3ba96"
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/b0946f908c9a23f576cf14a7596c2ffb6ca3ba96",
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/d2e6c41b2936d4775e6e27801c02820378c4b2e6"
],
"spl": "2025-09-01"
}
Android / platform/packages/apps/ManagedProvisioning
Package
Ecosystem specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 653.0,
"function_hash": "56599041486791653158793025001489753610"
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java",
"function": "validateUriSchemeAndPermission"
},
"id": "ASB-A-299928772-5b14a2c6",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/02895ba5e4ad2b1e33b2bfd184105293649b4539"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"21661374069910691696246148390452862549",
"168741972324412423054354703684407506159",
"289765908165413668509698509014490311459",
"265243392760694816224576526233570226393",
"40946140428739609848883109067537673393",
"70614530991709411807346231526898929961",
"320044701215734489085580280834184385095",
"182141923972420208967496091292371661973",
"237401992792594335746782023988038365848",
"305149881990112707825353692424671166181",
"33252221387156391046735923317394712199",
"160741497903630865216457377289265000805",
"264205345572203832760214993700416326663",
"59442247465558751868549629724754877861",
"242472957651837251870355421103073761720",
"13121978087997160257044866359009811297",
"246712920164809675401155579979002862656",
"180701290375588681121323057983220566313",
"238406775196507920004164357023990191921",
"241732665644526005067251578153060441424"
]
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java"
},
"id": "ASB-A-299928772-855e0567",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0261ca4821a02d87afbebfa15c5e8c07b2d3cfbf"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"306353843303387726355702498487522491806",
"293498699814438832855307943324029119172",
"52347117056467634937466565239980812129",
"317986142681612487123999013690798250036",
"327975719628763653270566257269120350826",
"34562292136139495781506846405139358342",
"16525222622058043237713080879020575932",
"283768496119523766778365567182334773978",
"56182407057193638623905102244902259459",
"34971562934224812121250361817658781275",
"297763360091902644022462049249290273389",
"253119710022849656328639361282829451051",
"145221666184869082582395448278050551790"
]
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java"
},
"id": "ASB-A-299928772-a86d9941",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/02895ba5e4ad2b1e33b2bfd184105293649b4539"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1074.0,
"function_hash": "231057428299935066010462679043020374650"
},
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/parser/DisclaimersParserImpl.java",
"function": "parse"
},
"id": "ASB-A-299928772-aa12c6d1",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0261ca4821a02d87afbebfa15c5e8c07b2d3cfbf"
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0261ca4821a02d87afbebfa15c5e8c07b2d3cfbf",
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/02895ba5e4ad2b1e33b2bfd184105293649b4539"
],
"spl": "2025-09-01"
}