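In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions by means of a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. The three records below carry the Vanir line and function signatures for this issue (signature ids prefixed ASB-A-332277530), one record per fix commit in platform/frameworks/base; each is rated High, typed EoP, and assigned to security patch level 2025-04-01.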
{
"spl": "2025-04-01",
"vanir_signatures": [
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7366b99644fa61279591eec54ea725d86d6e2e93",
"id": "ASB-A-332277530-b918e16c",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/Transition.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"43321757872081070203107079530285764904",
"259474736871594508473064173875742022169",
"101281647174481639614123120420791051658",
"155627851148060635493144740141300058646",
"312852115778852061550559717320465254123",
"205318740049287123336964596818420624210",
"320472561389268828203707612226200794736",
"216764919076282728530001542877030237993",
"50282303557542167369505078076179223325",
"266662712364569598772809999191737064845",
"128514549824767817510309341388653812373",
"192690854717832912272169549773659020179",
"303989072137136356410617273412967353341"
]
},
"signature_version": "v1"
},
{
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7366b99644fa61279591eec54ea725d86d6e2e93",
"id": "ASB-A-332277530-c66090ac",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/Transition.java",
"function": "finishTransition"
},
"digest": {
"function_hash": "143495626557028892849843957874352481508",
"length": 8338.0
},
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/7366b99644fa61279591eec54ea725d86d6e2e93"
],
"types": [
"EoP"
]
}
{
"spl": "2025-04-01",
"vanir_signatures": [
{
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/24aeaa1b55d3c602ddd4e53a44bf304a21c8d3df",
"id": "ASB-A-332277530-f52c4474",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/Transition.java",
"function": "finishTransition"
},
"digest": {
"function_hash": "271949306122158318157587281129860000967",
"length": 7609.0
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/24aeaa1b55d3c602ddd4e53a44bf304a21c8d3df",
"id": "ASB-A-332277530-fa0356f9",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/Transition.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"43321757872081070203107079530285764904",
"259474736871594508473064173875742022169",
"101281647174481639614123120420791051658",
"155627851148060635493144740141300058646",
"312852115778852061550559717320465254123",
"205318740049287123336964596818420624210",
"320472561389268828203707612226200794736",
"216764919076282728530001542877030237993",
"50282303557542167369505078076179223325",
"266662712364569598772809999191737064845",
"128514549824767817510309341388653812373",
"192690854717832912272169549773659020179",
"303989072137136356410617273412967353341"
]
},
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/24aeaa1b55d3c602ddd4e53a44bf304a21c8d3df"
],
"types": [
"EoP"
]
}
{
"spl": "2025-04-01",
"vanir_signatures": [
{
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/806927c67cbb308739b06efe78ee474c83b66e24",
"id": "ASB-A-332277530-1c277f23",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/Transition.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"2482795662706534945073011631338541735",
"259474736871594508473064173875742022169",
"101281647174481639614123120420791051658",
"155627851148060635493144740141300058646",
"312852115778852061550559717320465254123",
"205318740049287123336964596818420624210",
"320472561389268828203707612226200794736",
"216764919076282728530001542877030237993",
"50282303557542167369505078076179223325",
"266662712364569598772809999191737064845",
"128514549824767817510309341388653812373",
"192690854717832912272169549773659020179",
"303989072137136356410617273412967353341"
]
},
"signature_version": "v1"
},
{
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/806927c67cbb308739b06efe78ee474c83b66e24",
"id": "ASB-A-332277530-3ef6f4ed",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/Transition.java",
"function": "finishTransition"
},
"digest": {
"function_hash": "37129745043719104312132640350457045810",
"length": 7105.0
},
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/806927c67cbb308739b06efe78ee474c83b66e24"
],
"types": [
"EoP"
]
}