ASB-A-313909156
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-313909156.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-313909156
- Aliases
-
- A-313909156
- CVE-2025-26420
- Published
- 2025-05-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/modules/Permission
Package
- Name
- platform/packages/modules/Permission
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3"
],
"spl": "2025-05-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3",
"target": {
"function": "onPermissionGrantResult",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "129748535921948931016636929286576884070",
"length": 660.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-1484b1ce"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3",
"target": {
"function": "setResultIfNeeded",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "237257450632212944378772553299579119159",
"length": 974.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-1635c9c3"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3",
"target": {
"function": "showNextRequest",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "206204665237318696419502987127570188075",
"length": 3188.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-7d8a4bff"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3",
"target": {
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"186467399167775900187323183962978158017",
"172497855422347814760396118002983671817",
"334527182618689280485115449642837984420",
"75917438917140843374651941704896994342",
"330613294008500563934349749652443920407",
"181635855760481884070321441589001633509",
"279504404980726276191023920782438881119",
"13527397992708905666576783064111768118",
"96049487661591365014897225881473379812",
"253605308563205905339372903397511703887",
"51416694353721343349112545224463017887",
"131457580541996635708619611035152093636",
"129446988498313116129295175708904280012",
"335082709399663640169700927721739837826",
"32650189432380887447674064311816413534",
"100992869935386542867012217975218379464",
"72867257842727325902078921719376273420",
"257506428077875157149658364772360437196",
"251457489055333475205342791949269626132",
"58889912616164054690732136175584397314",
"251067826445021144989084091170631791946",
"147317158956102727551123264839787063221",
"171432051035848690698190456082571319059",
"263128821243869128108983470132187230157",
"281327142696372053018715966114063475852",
"335621956170585084266642750003720206677",
"139642345071484036123943714279891346375",
"21276021345266436724701258659191009231",
"236886897908126801531837302594107208597",
"42770772941194742588182913795986968252",
"191956498141511282491121701295386757163",
"209601098936646850459471660577513831903",
"234397455240698749625696818450740476782",
"257280354126578040565656924447308171605",
"263321366157998656397679355632027858243",
"241757257044918184481683614225135054505",
"203767625223976589256523104318992678979",
"41118337435660706531588244749630974052",
"118574410387114613899710666455814034057",
"19806348458286784028998526376047235096",
"222589611628964743458115884746092905455",
"202213713867760682633042331947507531716",
"161446306026169860682222883211575011837",
"244425340686630035937406956629427414604",
"39242131779113619965150576499258152347",
"144074775192892221875422448805440255377",
"78236171019064070314122226124461268303",
"127715520721743188403660119658618805371",
"246552072053065493818311771062034219998",
"282671794518609310084358683216790655941",
"77919309481846488420945705682932230861",
"254978004380690969107571850886920907451",
"104221079492046264388526162238241330791",
"202568095828519406219350520690138269692",
"97448447785530436474746889589596757860",
"218603402382334643126929561909262340634",
"335621956170585084266642750003720206677",
"139642345071484036123943714279891346375",
"74842047812047406173586138647702010421",
"8834962737553501764486537916981555347",
"321619211494427535560247753706009459836",
"188202191662862754781582646874614166325",
"79524901457296159006784139737930114312",
"339436491805983263492629339516614754761",
"140396206956437311801604185959052188486",
"222158510387789391525336606802441952922",
"283208045468880161408341287057838680229",
"82547741161243374769321371885130838351",
"303482665607101570162012338582097758400",
"233840722647260708249791944403663565536",
"130134976410191085850606971620496077601",
"15874437291589469412795448680789960336",
"43470205215830191152782184854973616196",
"337057569442645699544716469569515782732",
"157868399213753125303488560936755848569",
"137989111665290747639634696356686879276",
"148472461664280173861002660664868032170",
"296822696825891912758165311467941473017",
"183644810974021584317859200990524460124",
"70189152197916780114053804003957891941",
"320779411307656031513079526170684403006",
"119969270777825677640801323061643227554",
"113947298663636355010306812726770715095",
"152320592790599160717128162988643093909",
"196199114566819347683131916661087664347",
"154409250749766351555608474056002775923",
"181432558917429005077451391355481006360",
"109203780897526864700728130540654200194",
"30852010842730519310358091579685119667"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-313909156-cbb9235f"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3",
"target": {
"function": "onNewFollowerActivity",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "83460400433071553615773067354470702856",
"length": 1155.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-f048cc05"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3",
"target": {
"function": "onCreate",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "101284071973521971571371948875634833276",
"length": 5315.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-fb709239"
}
],
"types": [
"EoP"
]
}platform/packages/modules/Permission
Package
- Name
- platform/packages/modules/Permission
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f"
],
"spl": "2025-05-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f",
"target": {
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"297689206181598069331002922395358437011",
"53103970518881348212111182210441065387",
"273560439908853465901911723477247892933",
"287506565760371768330045908730624635082",
"330613294008500563934349749652443920407",
"158780807269291953356502095163605274748",
"78164119038492352442815730254788564124",
"334652926304263157292016019141525428459",
"34941333813498205285278464472429361715",
"329745465751486175126702982276987291299",
"307355338159898063800033071189901241541",
"247860405436051805372412225806695949848",
"142482359667534876999521742067734531520",
"167482781717984059036024511430832498074",
"193632092955797562218527486710588094336",
"89254630391162220781226097155784721982",
"63642685882551582830021566816044692981",
"109609274678723191371587900238478004043",
"51416694353721343349112545224463017887",
"131457580541996635708619611035152093636",
"287198009249282149072790276963476269700",
"219162806080689101694939573689832890298",
"336131363385632538987209520794339690951",
"56367304980927980105215202953513688612",
"140693725449435172142134605868633447452",
"196333788053700123603366102844423068121",
"191864547246298896152550523267655455015",
"319948773891339957253400196296653838828",
"146802045844594804453429472377495824360",
"182731702135843946715986874614828896755",
"44710224534783046526192137049877202930",
"126221668034216869878967731762796924992",
"215295576507513963876989857376175776196",
"285928600849782465790763682886507676581",
"111559344130223511851829170277501650390",
"146822134239385531581582831540096824056",
"105120599251967275890411611319051005094",
"264721181706074774393921615956407498462",
"33718718104235830666628507008076605067",
"241757257044918184481683614225135054505",
"203767625223976589256523104318992678979",
"41118337435660706531588244749630974052",
"305834700296521252317712321803610114584",
"218218773758567126314609980600588427615",
"170505053037990333833082213200174931905",
"95170344308790819286424469591038092860",
"299513324089954029962372591418215223339",
"25739300443328904177261267366528203106",
"301894193756757353699820405754744967085",
"78236171019064070314122226124461268303",
"127715520721743188403660119658618805371",
"246552072053065493818311771062034219998",
"8691591043974207765645945076809068292",
"122145806247658706599538972600252622081",
"263317294939964243141696944762401876242",
"50277582960364554664263517229959117713",
"168329874518953841276667308037405085030",
"220275071212311656826758471473885004272",
"283782142393584532237923448244034944911",
"7104402438736866935718282998905421155",
"232016029919587207620873517364928109019",
"312920652860894322651700227571641187428",
"30165627929121676672387456665960204508",
"93263931991970380932431356490001135619",
"58592916389113586490655069546465027100",
"181432558917429005077451391355481006360",
"109203780897526864700728130540654200194",
"30852010842730519310358091579685119667"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-313909156-12e11f95"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f",
"target": {
"function": "onNewFollowerActivity",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "107455685653883416543601653703477760979",
"length": 1042.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-135f77f4"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f",
"target": {
"function": "onCreate",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "43415802790324639296660759328168713527",
"length": 3598.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-2f836a6d"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f",
"target": {
"function": "showNextRequest",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "75188701020156754185154146360564094075",
"length": 3404.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-b39ffa25"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f",
"target": {
"function": "setResultIfNeeded",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "25361191611248642495133093634276748683",
"length": 1034.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-dfeb111a"
}
],
"types": [
"EoP"
]
}platform/packages/modules/Permission
Package
- Name
- platform/packages/modules/Permission
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15"
],
"spl": "2025-05-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15",
"target": {
"function": "setResultIfNeeded",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "237257450632212944378772553299579119159",
"length": 974.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-14d48b76"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15",
"target": {
"function": "onPermissionGrantResult",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "227238115004879789209026603632572205352",
"length": 713.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-ae4d2d2a"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15",
"target": {
"function": "onNewFollowerActivity",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "106696359717779765718922639010542398770",
"length": 1107.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-b62ecbb3"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15",
"target": {
"function": "onCreate",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "25469503402566239287213414969245609240",
"length": 4183.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-d960f34f"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15",
"target": {
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"263357382819893312579834810970487788204",
"294056721924773711261542631233362736627",
"227853381776867097222171354140069327690",
"149576512802286534341414800852484254028",
"223584012300698312059102989889615113236",
"318898789046286237056628326142068584431",
"158722957216898028605671643853929736380",
"25259101268677886862739283590576992362",
"234338762910032123976108671785304939732",
"51416694353721343349112545224463017887",
"131457580541996635708619611035152093636",
"129446988498313116129295175708904280012",
"75822988148716651664620784184438239601",
"315148423341037199857903959935532427448",
"321776600469330016439712813381838046827",
"140693725449435172142134605868633447452",
"156657719452575946878006160201727567944",
"257506428077875157149658364772360437196",
"251457489055333475205342791949269626132",
"58889912616164054690732136175584397314",
"251067826445021144989084091170631791946",
"147317158956102727551123264839787063221",
"239369879304183492994697680549247917640",
"336742951141920859834205833863791613229",
"272061813753436152151034880413382772144",
"161579174472509729095508079186916172784",
"252214225399366748602522448644139900312",
"130073849974643280472058068761730684627",
"263321366157998656397679355632027858243",
"241757257044918184481683614225135054505",
"203767625223976589256523104318992678979",
"41118337435660706531588244749630974052",
"118574410387114613899710666455814034057",
"19806348458286784028998526376047235096",
"222589611628964743458115884746092905455",
"202213713867760682633042331947507531716",
"161446306026169860682222883211575011837",
"244425340686630035937406956629427414604",
"39242131779113619965150576499258152347",
"144074775192892221875422448805440255377",
"78236171019064070314122226124461268303",
"127715520721743188403660119658618805371",
"246552072053065493818311771062034219998",
"282671794518609310084358683216790655941",
"77919309481846488420945705682932230861",
"254978004380690969107571850886920907451",
"104221079492046264388526162238241330791",
"74842047812047406173586138647702010421",
"8834962737553501764486537916981555347",
"321619211494427535560247753706009459836",
"188202191662862754781582646874614166325",
"79524901457296159006784139737930114312",
"113736980258014186195377921039091270121",
"314014756152475452465708496297349362844",
"13979150327916395806080253261298735340",
"83405740484111226578845724422526631705",
"317992995746243618227172461162027170097",
"137897699450277983160444826220995171031",
"318463156198090027745978765643322595727",
"330891185401359539365712957553282450558",
"46060396291687483120641000676876599747",
"174722439332983080494459753137891033779",
"162083414647043994417446742266704689447",
"225780005815407315445442721541788223071",
"265137738030507530568121193921397503962",
"208618983852546455680668488222344530998",
"46281263391059963917268927381528595837",
"277977784511416501241836094146852191366",
"89993135430244255070388747164699200054",
"320779411307656031513079526170684403006",
"119969270777825677640801323061643227554",
"113947298663636355010306812726770715095",
"152320592790599160717128162988643093909",
"196199114566819347683131916661087664347",
"154409250749766351555608474056002775923",
"181432558917429005077451391355481006360",
"109203780897526864700728130540654200194",
"30852010842730519310358091579685119667"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-313909156-e41433a4"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15",
"target": {
"function": "showNextRequest",
"file": "PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "262115217165135187817753145753767328264",
"length": 3927.0
},
"signature_type": "Function",
"id": "ASB-A-313909156-f4cb10e3"
}
],
"types": [
"EoP"
]
}