In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "154770951609797451940987862552557479039", "218270295055629904027070469533680274829", "329718296283725824123553602088403096699", "173836244179821243033474735718348316364", "121546223260715733684130670385522693067", "135193467781791317406752509003365463482", "188036491421487214446849389566803674180", "284029106079095197665407380999538471599" ] }, "id": "ASB-A-341688848-02a4cd06", "source": "https://android.googlesource.com/platform/frameworks/base/+/e480e1892cafaff977e2ede68e5988eb732d098e", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java" }, "signature_type": "Line" }, { "digest": { "length": 418.0, "function_hash": "66252267982984076039731208061947608083" }, "id": "ASB-A-341688848-d63b28d1", "source": "https://android.googlesource.com/platform/frameworks/base/+/e480e1892cafaff977e2ede68e5988eb732d098e", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SettingsLib/src/com/android/settingslib/users/EditUserPhotoController.java", "function": "showAvatarPicker" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/e480e1892cafaff977e2ede68e5988eb732d098e" ], "spl": "2025-04-01", "severity": "High", "types": [ "ID" ] }
{ "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/4b731d5c8715190b88a44c443d5028b3014cd495", "https://android.googlesource.com/platform/frameworks/base/+/2ab1084a748a2303289624e6063d2c60d10ec922" ], "spl": "2025-04-01", "severity": "High", "types": [ "ID" ] }