ASB-A-337774836

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-337774836.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-337774836
Aliases
  • A-337774836
  • CVE-2025-26435
Published
2025-05-01T00:00:00Z
Modified
2025-05-05T15:34:04Z
Summary
[none]
Details

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-05-01

Affected versions

Other

15-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 396.0,
                "function_hash": "178772821437044671368461220834367232970"
            },
            "id": "ASB-A-337774836-0869afde",
            "source": "https://googleplex-android.googlesource.com/platform/packages/apps/Settings/+/baf503050fc615c7f663ad09e5adb5ab7e7d99dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/security/ContentProtectionTogglePreferenceController.java",
                "function": "updateState"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "23711293699501863784118794929569413548",
                    "25438287924212247658772188015551403265",
                    "272335625482017964206227763798719803994",
                    "268766867470797680073392046456207230271",
                    "101177561941442979732000305087204357315",
                    "299893934923863190506642489540768999050",
                    "51896521754327684075884495202685058216",
                    "219286521362033844097925689090791309388"
                ]
            },
            "id": "ASB-A-337774836-9c07e091",
            "source": "https://googleplex-android.googlesource.com/platform/packages/apps/Settings/+/baf503050fc615c7f663ad09e5adb5ab7e7d99dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/security/ContentProtectionTogglePreferenceController.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/baf503050fc615c7f663ad09e5adb5ab7e7d99dc"
    ],
    "spl": "2025-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-05-01

Affected versions

Other

15

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 396.0,
                "function_hash": "178772821437044671368461220834367232970"
            },
            "id": "ASB-A-337774836-4cddfe70",
            "source": "https://googleplex-android.googlesource.com/platform/packages/apps/Settings/+/ef16a8cbef5e0987a37c2fa9e5091672a3c8e4ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/security/ContentProtectionTogglePreferenceController.java",
                "function": "updateState"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "23711293699501863784118794929569413548",
                    "25438287924212247658772188015551403265",
                    "272335625482017964206227763798719803994",
                    "268766867470797680073392046456207230271",
                    "101177561941442979732000305087204357315",
                    "299893934923863190506642489540768999050",
                    "51896521754327684075884495202685058216",
                    "219286521362033844097925689090791309388"
                ]
            },
            "id": "ASB-A-337774836-50c54e1f",
            "source": "https://googleplex-android.googlesource.com/platform/packages/apps/Settings/+/ef16a8cbef5e0987a37c2fa9e5091672a3c8e4ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/security/ContentProtectionTogglePreferenceController.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/ef16a8cbef5e0987a37c2fa9e5091672a3c8e4ab"
    ],
    "spl": "2025-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}