ASB-A-337774836
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-337774836.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-337774836
- Aliases
-
- A-337774836
- CVE-2025-26435
- Published
- 2025-05-01T00:00:00Z
- Modified
- 2025-09-19T20:50:49.344728Z
- Summary
- [none]
- Details
-
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/baf503050fc615c7f663ad09e5adb5ab7e7d99dc"
],
"spl": "2025-05-01",
"vanir_signatures": [
{
"id": "ASB-A-337774836-0869afde",
"signature_version": "v1",
"digest": {
"length": 396.0,
"function_hash": "178772821437044671368461220834367232970"
},
"target": {
"function": "updateState",
"file": "src/com/android/settings/security/ContentProtectionTogglePreferenceController.java"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/baf503050fc615c7f663ad09e5adb5ab7e7d99dc",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "ASB-A-337774836-9c07e091",
"signature_version": "v1",
"digest": {
"line_hashes": [
"23711293699501863784118794929569413548",
"25438287924212247658772188015551403265",
"272335625482017964206227763798719803994",
"268766867470797680073392046456207230271",
"101177561941442979732000305087204357315",
"299893934923863190506642489540768999050",
"51896521754327684075884495202685058216",
"219286521362033844097925689090791309388"
],
"threshold": 0.9
},
"target": {
"file": "src/com/android/settings/security/ContentProtectionTogglePreferenceController.java"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/baf503050fc615c7f663ad09e5adb5ab7e7d99dc",
"deprecated": false,
"signature_type": "Line"
}
],
"severity": "High"
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/ef16a8cbef5e0987a37c2fa9e5091672a3c8e4ab"
],
"spl": "2025-05-01",
"vanir_signatures": [
{
"id": "ASB-A-337774836-4cddfe70",
"signature_version": "v1",
"digest": {
"length": 396.0,
"function_hash": "178772821437044671368461220834367232970"
},
"target": {
"function": "updateState",
"file": "src/com/android/settings/security/ContentProtectionTogglePreferenceController.java"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ef16a8cbef5e0987a37c2fa9e5091672a3c8e4ab",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "ASB-A-337774836-50c54e1f",
"signature_version": "v1",
"digest": {
"line_hashes": [
"23711293699501863784118794929569413548",
"25438287924212247658772188015551403265",
"272335625482017964206227763798719803994",
"268766867470797680073392046456207230271",
"101177561941442979732000305087204357315",
"299893934923863190506642489540768999050",
"51896521754327684075884495202685058216",
"219286521362033844097925689090791309388"
],
"threshold": 0.9
},
"target": {
"file": "src/com/android/settings/security/ContentProtectionTogglePreferenceController.java"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ef16a8cbef5e0987a37c2fa9e5091672a3c8e4ab",
"deprecated": false,
"signature_type": "Line"
}
],
"severity": "High"
}