ASB-A-352542820
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-352542820.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-352542820
- Aliases
-
- A-352542820
- CVE-2025-0094
- Published
- 2025-02-01T00:00:00Z
- Modified
- 2025-09-11T14:57:02.413144Z
- Summary
- [none]
- Details
-
In onCreateOptionsMenu of UserSettings.java, there is a possible way to remove the work profile by opening a hidden activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-02-01",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/69c7f5dac580361792bbb189178653b297d06c8a"
],
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"242071329039234903564330311102706397438",
"134295411467839235342482456664948554895",
"169633955404235269130637314301038315365",
"56410709368905003823351813560351962084"
]
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/69c7f5dac580361792bbb189178653b297d06c8a",
"signature_version": "v1",
"id": "ASB-A-352542820-0f878b2d"
},
{
"deprecated": false,
"target": {
"function": "onCreateOptionsMenu",
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Function",
"digest": {
"function_hash": "5297040686157113669843507416744298619",
"length": 628.0
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/69c7f5dac580361792bbb189178653b297d06c8a",
"signature_version": "v1",
"id": "ASB-A-352542820-c326fb85"
}
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-02-01",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/44a35ac07bcc076871b8054331096aaff8ee10f0"
],
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"123345394078970606313733559622214649680",
"215436038444051623317548360635020215909",
"150564406213355045340645040749077914161",
"297603582668471109437827171691432367717",
"210570433010057915318453600932896554013"
]
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/44a35ac07bcc076871b8054331096aaff8ee10f0",
"signature_version": "v1",
"id": "ASB-A-352542820-333a22bb"
},
{
"deprecated": false,
"target": {
"function": "onCreateOptionsMenu",
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Function",
"digest": {
"function_hash": "97534839408003205833569796228337421899",
"length": 637.0
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/44a35ac07bcc076871b8054331096aaff8ee10f0",
"signature_version": "v1",
"id": "ASB-A-352542820-85051e31"
}
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-02-01",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/4901c86b765f5e72075fb5e26374c097920a56f5"
],
"vanir_signatures": [
{
"deprecated": false,
"target": {
"function": "onCreateOptionsMenu",
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Function",
"digest": {
"function_hash": "97534839408003205833569796228337421899",
"length": 637.0
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4901c86b765f5e72075fb5e26374c097920a56f5",
"signature_version": "v1",
"id": "ASB-A-352542820-2e3df796"
},
{
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"123345394078970606313733559622214649680",
"215436038444051623317548360635020215909",
"150564406213355045340645040749077914161",
"297603582668471109437827171691432367717",
"210570433010057915318453600932896554013"
]
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4901c86b765f5e72075fb5e26374c097920a56f5",
"signature_version": "v1",
"id": "ASB-A-352542820-75666d0d"
}
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-02-01",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/e0b732cbeecb51a26377052501d2b10a8f5ee862"
],
"vanir_signatures": [
{
"deprecated": false,
"target": {
"function": "onCreateOptionsMenu",
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Function",
"digest": {
"function_hash": "111839824081433679935569242106740470944",
"length": 600.0
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/e0b732cbeecb51a26377052501d2b10a8f5ee862",
"signature_version": "v1",
"id": "ASB-A-352542820-61922730"
},
{
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"220850207288900145948609566205506761153",
"101926054534650046886223476923094117675",
"180495815931253329562996851526167626856",
"67827823035145780890074325285873282089"
]
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/e0b732cbeecb51a26377052501d2b10a8f5ee862",
"signature_version": "v1",
"id": "ASB-A-352542820-b0ae04f6"
}
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-02-01",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/31e69deb2809887b5ea7b8b7a7893d7db90acdd2"
],
"vanir_signatures": [
{
"deprecated": false,
"target": {
"function": "onCreateOptionsMenu",
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Function",
"digest": {
"function_hash": "97534839408003205833569796228337421899",
"length": 637.0
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/31e69deb2809887b5ea7b8b7a7893d7db90acdd2",
"signature_version": "v1",
"id": "ASB-A-352542820-521a6e35"
},
{
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"123345394078970606313733559622214649680",
"215436038444051623317548360635020215909",
"150564406213355045340645040749077914161",
"297603582668471109437827171691432367717",
"210570433010057915318453600932896554013"
]
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/31e69deb2809887b5ea7b8b7a7893d7db90acdd2",
"signature_version": "v1",
"id": "ASB-A-352542820-cc2f3f5e"
}
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-02-01",
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/6e413c4cff2f306d18e9682b1e0be5ddc8427c5f"
],
"vanir_signatures": [
{
"deprecated": false,
"target": {
"function": "onCreateOptionsMenu",
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Function",
"digest": {
"function_hash": "111839824081433679935569242106740470944",
"length": 600.0
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6e413c4cff2f306d18e9682b1e0be5ddc8427c5f",
"signature_version": "v1",
"id": "ASB-A-352542820-3fb7d2f1"
},
{
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/UserSettings.java"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"220850207288900145948609566205506761153",
"101926054534650046886223476923094117675",
"180495815931253329562996851526167626856",
"67827823035145780890074325285873282089"
]
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6e413c4cff2f306d18e9682b1e0be5ddc8427c5f",
"signature_version": "v1",
"id": "ASB-A-352542820-c2231d48"
}
]
}