ASB-A-301952571
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-301952571.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-301952571
- Aliases
-
- A-301952571
- CVE-2025-48639
- Published
- 2025-12-01T00:00:00Z
- Modified
- 2026-01-22T17:06:14.278832Z
- Summary
- [none]
- Details
-
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/34f7093f864616059caad72366409ab1b4792675"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/34f7093f864616059caad72366409ab1b4792675",
"deprecated": false,
"digest": {
"line_hashes": [
"102376982044160493164054560424829740992",
"66499418353376395208915744637021515921",
"130252057911911557120901590373891803764",
"290301398973385244038766360757378904818"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-3a792091",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/626f4201c51f294dbf1dd37034aa8bd2cd549826"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/626f4201c51f294dbf1dd37034aa8bd2cd549826",
"deprecated": false,
"digest": {
"line_hashes": [
"5394850696851107489683868258220425241",
"118260498044634936657883368239434792272",
"111512741543011694653014009302648536530"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-00e74b31",
"target": {
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1d37fc960d93d216e151d74662ccc5d53fd68978"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1d37fc960d93d216e151d74662ccc5d53fd68978",
"deprecated": false,
"digest": {
"line_hashes": [
"248856889590144885621918607836282539025",
"144531626938778448552179873240849072977",
"106039877743107897291918924499970282509",
"188457292567742801376067883879181012870"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-7562e2de",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/a1c211a49aff429e54e9d0f41649ab18c1b4e22d"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/a1c211a49aff429e54e9d0f41649ab18c1b4e22d",
"deprecated": false,
"digest": {
"line_hashes": [
"154201780020139837239759456663197568923",
"307574667483685234664799342826226447129",
"111512741543011694653014009302648536530"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-863a7e80",
"target": {
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/a1c211a49aff429e54e9d0f41649ab18c1b4e22d",
"deprecated": false,
"digest": {
"length": 1841.0,
"function_hash": "293883125124188735835403008805557989755"
},
"signature_type": "Function",
"id": "ASB-A-301952571-fa767d19",
"target": {
"function": "InputDispatcher::canWindowReceiveMotionLocked",
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/71d67882398e9a28c268e19d5a5d66ff7632c4ed"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/71d67882398e9a28c268e19d5a5d66ff7632c4ed",
"deprecated": false,
"digest": {
"line_hashes": [
"248856889590144885621918607836282539025",
"170601685298913636518152436052267910966",
"130252057911911557120901590373891803764",
"290301398973385244038766360757378904818"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-6f7088c2",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/61b3b73116cb7fc760683db1d02e6466522aacbf"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/61b3b73116cb7fc760683db1d02e6466522aacbf",
"deprecated": false,
"digest": {
"line_hashes": [
"5394850696851107489683868258220425241",
"118260498044634936657883368239434792272",
"111512741543011694653014009302648536530"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-5dc813ca",
"target": {
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1e9412266ede59c046b83ad3a3fbfcaba94a1787"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1e9412266ede59c046b83ad3a3fbfcaba94a1787",
"deprecated": false,
"digest": {
"line_hashes": [
"248856889590144885621918607836282539025",
"44536510841965663279992936573567125690",
"5614311063228002728842156457546024868",
"286505572372986416403478625591453334143"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-bf2b2d08",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/9f65d0158f853ca4571a7af155969f0081d79a49"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/9f65d0158f853ca4571a7af155969f0081d79a49",
"deprecated": false,
"digest": {
"length": 11604.0,
"function_hash": "55669835188213314027306847272836052850"
},
"signature_type": "Function",
"id": "ASB-A-301952571-44b6301a",
"target": {
"function": "InputDispatcher::findTouchedWindowTargetsLocked",
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/9f65d0158f853ca4571a7af155969f0081d79a49",
"deprecated": false,
"digest": {
"line_hashes": [
"108905384051329200733903586878036295580",
"177927706532921712772368279218975722500",
"216405314139094600963822921191872050443",
"219664331880740055396330504946416842747"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-c6b4d22f",
"target": {
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0f849cfc111ebb8324bdf11039b4a5dc998feefa"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0f849cfc111ebb8324bdf11039b4a5dc998feefa",
"deprecated": false,
"digest": {
"line_hashes": [
"248856889590144885621918607836282539025",
"144531626938778448552179873240849072977",
"106039877743107897291918924499970282509",
"188457292567742801376067883879181012870"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-eaff47c8",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/transition/DefaultTransitionHandler.java"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/3c01b64e016060ce736a893922aec1f2ebca2995"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/3c01b64e016060ce736a893922aec1f2ebca2995",
"deprecated": false,
"digest": {
"length": 1546.0,
"function_hash": "75330836211644953868411228713032159909"
},
"signature_type": "Function",
"id": "ASB-A-301952571-39d8b960",
"target": {
"function": "InputDispatcher::canWindowReceiveMotionLocked",
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/3c01b64e016060ce736a893922aec1f2ebca2995",
"deprecated": false,
"digest": {
"line_hashes": [
"154201780020139837239759456663197568923",
"307574667483685234664799342826226447129",
"111512741543011694653014009302648536530"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-301952571-e28b9735",
"target": {
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-01"
}