ASB-A-326211886

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-326211886.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-326211886
Aliases
Published
2026-03-01T00:00:00Z
Modified
2026-03-20T16:01:55.726900Z
Summary
[none]
Details

In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/packages/providers/MediaProvider

Package

Name
platform/packages/providers/MediaProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2-next:0
Fixed
16-qpr2-next:2026-03-01

Affected versions

Other
16-qpr2-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "isRedactionNeededForOpenViaContentResolver"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/5a11ea74803e7bbe1290f37f22dac14b92c37186",
            "deprecated": false,
            "digest": {
                "function_hash": "3947879338536374300193749368928913597",
                "length": 293.0
            },
            "id": "ASB-A-326211886-04415335",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/5a11ea74803e7bbe1290f37f22dac14b92c37186",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "11942720536607617696703649065436243496",
                    "170364309099591840265831493252690026462",
                    "306417887722100167761222320659362297824",
                    "280515532697186378497862985673960395489",
                    "186911562886917436077106131631727385089",
                    "33202830951727541712943087592435810376",
                    "242810567114659136805036914614495714887",
                    "74943360723542005165109766887749548476",
                    "248353977370790246216347256552783927922",
                    "220840218187834712177030544585848842281",
                    "110343117931918513917208193213497103904"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-326211886-1db770d1",
            "signature_type": "Line"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "openFileAndEnforcePathPermissionsHelper"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/5a11ea74803e7bbe1290f37f22dac14b92c37186",
            "deprecated": false,
            "digest": {
                "function_hash": "43840274065816339079016027784976702125",
                "length": 3427.0
            },
            "id": "ASB-A-326211886-2b9d4415",
            "signature_type": "Function"
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/5a11ea74803e7bbe1290f37f22dac14b92c37186"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-326211886.json"
platform/packages/providers/MediaProvider

Package

Name
platform/packages/providers/MediaProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2026-03-01

Affected versions

Other
15

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "openFileAndEnforcePathPermissionsHelper"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/c8a1e15d3a79c4b27406c22f6036ff66a35fe41e",
            "deprecated": false,
            "digest": {
                "function_hash": "115549677857835416436120192053471390438",
                "length": 3434.0
            },
            "id": "ASB-A-326211886-2987c307",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "isRedactionNeededForOpenViaContentResolver"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/c8a1e15d3a79c4b27406c22f6036ff66a35fe41e",
            "deprecated": false,
            "digest": {
                "function_hash": "3947879338536374300193749368928913597",
                "length": 293.0
            },
            "id": "ASB-A-326211886-3123262e",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/c8a1e15d3a79c4b27406c22f6036ff66a35fe41e",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "11942720536607617696703649065436243496",
                    "170364309099591840265831493252690026462",
                    "306417887722100167761222320659362297824",
                    "280515532697186378497862985673960395489",
                    "186911562886917436077106131631727385089",
                    "33202830951727541712943087592435810376",
                    "242810567114659136805036914614495714887",
                    "74943360723542005165109766887749548476",
                    "248353977370790246216347256552783927922",
                    "220840218187834712177030544585848842281",
                    "110343117931918513917208193213497103904"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-326211886-bcd8f7f5",
            "signature_type": "Line"
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/c8a1e15d3a79c4b27406c22f6036ff66a35fe41e"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-326211886.json"
platform/packages/providers/MediaProvider

Package

Name
platform/packages/providers/MediaProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2026-03-01

Affected versions

Other
16

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "isRedactionNeededForOpenViaContentResolver"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/e5e47f93838e1e9a3a3a520f7c89229fc041a8c3",
            "deprecated": false,
            "digest": {
                "function_hash": "3947879338536374300193749368928913597",
                "length": 293.0
            },
            "id": "ASB-A-326211886-3f04b5af",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/e5e47f93838e1e9a3a3a520f7c89229fc041a8c3",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "11942720536607617696703649065436243496",
                    "170364309099591840265831493252690026462",
                    "306417887722100167761222320659362297824",
                    "280515532697186378497862985673960395489",
                    "186911562886917436077106131631727385089",
                    "33202830951727541712943087592435810376",
                    "242810567114659136805036914614495714887",
                    "74943360723542005165109766887749548476",
                    "248353977370790246216347256552783927922",
                    "220840218187834712177030544585848842281",
                    "110343117931918513917208193213497103904"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-326211886-acde155e",
            "signature_type": "Line"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "openFileAndEnforcePathPermissionsHelper"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/e5e47f93838e1e9a3a3a520f7c89229fc041a8c3",
            "deprecated": false,
            "digest": {
                "function_hash": "115549677857835416436120192053471390438",
                "length": 3434.0
            },
            "id": "ASB-A-326211886-d22a412f",
            "signature_type": "Function"
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/e5e47f93838e1e9a3a3a520f7c89229fc041a8c3"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-326211886.json"
platform/packages/providers/MediaProvider

Package

Name
platform/packages/providers/MediaProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2:0
Fixed
16-qpr2:2026-03-01

Affected versions

Other
16-qpr2

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "openFileAndEnforcePathPermissionsHelper"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/fcbf16bed2dafccc1194b3cd40ef580feb3b35ca",
            "deprecated": false,
            "digest": {
                "function_hash": "43840274065816339079016027784976702125",
                "length": 3427.0
            },
            "id": "ASB-A-326211886-124e7bb7",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "isRedactionNeededForOpenViaContentResolver"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/fcbf16bed2dafccc1194b3cd40ef580feb3b35ca",
            "deprecated": false,
            "digest": {
                "function_hash": "3947879338536374300193749368928913597",
                "length": 293.0
            },
            "id": "ASB-A-326211886-30df316b",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/fcbf16bed2dafccc1194b3cd40ef580feb3b35ca",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "11942720536607617696703649065436243496",
                    "170364309099591840265831493252690026462",
                    "306417887722100167761222320659362297824",
                    "280515532697186378497862985673960395489",
                    "186911562886917436077106131631727385089",
                    "33202830951727541712943087592435810376",
                    "242810567114659136805036914614495714887",
                    "74943360723542005165109766887749548476",
                    "248353977370790246216347256552783927922",
                    "220840218187834712177030544585848842281",
                    "110343117931918513917208193213497103904"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-326211886-43bc7338",
            "signature_type": "Line"
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/fcbf16bed2dafccc1194b3cd40ef580feb3b35ca"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-326211886.json"
platform/packages/providers/MediaProvider

Package

Name
platform/packages/providers/MediaProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2026-03-01

Affected versions

Other
14

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/e34c1886848b535b0ea643becfb559dc602de1b3",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "11942720536607617696703649065436243496",
                    "194555235230629271095418792663574329333",
                    "313729190405648049158555111332899287996",
                    "147166000092093614102377397860580901220",
                    "186911562886917436077106131631727385089",
                    "33202830951727541712943087592435810376",
                    "242810567114659136805036914614495714887",
                    "74943360723542005165109766887749548476",
                    "248353977370790246216347256552783927922",
                    "220840218187834712177030544585848842281",
                    "110343117931918513917208193213497103904"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-326211886-288a0169",
            "signature_type": "Line"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "openFileAndEnforcePathPermissionsHelper"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/e34c1886848b535b0ea643becfb559dc602de1b3",
            "deprecated": false,
            "digest": {
                "function_hash": "218328680359319676980633498897235024463",
                "length": 3492.0
            },
            "id": "ASB-A-326211886-5a524704",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "isRedactionNeededForOpenViaContentResolver"
            },
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/e34c1886848b535b0ea643becfb559dc602de1b3",
            "deprecated": false,
            "digest": {
                "function_hash": "3947879338536374300193749368928913597",
                "length": 293.0
            },
            "id": "ASB-A-326211886-7d328190",
            "signature_type": "Function"
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/e34c1886848b535b0ea643becfb559dc602de1b3"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-326211886.json"