ASB-A-364037868
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-364037868.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-364037868
- Aliases
-
- A-364037868
- CVE-2025-0097
- Published
- 2025-02-01T00:00:00Z
- Modified
- 2026-06-11T14:59:52.052110020Z
- Summary
- [none]
- Details
-
In transferTouchGesture of WindowManagerService.java , there is a possible way to steal sensitive user input due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"spl": "2025-02-01",
"vanir_signatures": [
{
"id": "ASB-A-364037868-077cecf4",
"target": {
"file": "services/core/java/com/android/server/wm/EmbeddedWindowController.java"
},
"digest": {
"line_hashes": [
"112163142825728286601376570101662734826",
"198441187844705953367518297218540333074",
"27331201922488527444348889345726650391",
"331293015077808543825935324836865827489",
"254620039880769067733808519606851641442",
"249953778221520835274907734933176820132",
"319969177551915669436124824182656977126",
"330455908732409693530174754088748729867",
"223257893106326682952811327007970127244",
"165295942820653251744689007900262988486",
"339867398381699969324056806102280831554",
"62627831524365546532846835358761752800",
"328988828590961588487264174790097211293",
"248873313261974045040769010167705224854",
"318989329479115589579834466806717562644",
"196663899505510187640273103465328812632",
"7110775924930340699819996708845965063",
"127177807673808879272973357402922359345"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-79092008",
"target": {
"file": "services/core/java/com/android/server/wm/EmbeddedWindowController.java",
"function": "transferToEmbedded"
},
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "83810895922488579077428771457198824121",
"length": 243.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/wm/EmbeddedWindowController.java",
"function": "transferToHost"
},
"deprecated": false,
"digest": {
"function_hash": "164054265702367327672522119214234173400",
"length": 247.0
},
"id": "ASB-A-364037868-85489d9f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-92a8d311",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"181108224164417289212662977271542690331",
"216736795130174833053450470557661182606",
"215186634025237061605494072778302230103",
"225791094088381205436562372308971221840",
"22889836881209034311231057490029027386",
"182136170710394038548729869525887337764",
"332135305770684805640646991324853200199",
"3595737875289616547646003412729253565",
"137029592712009112373773104562906111147",
"224324049306989509769718368863998371337",
"235365628243456370451281111157950868873",
"43211814438570816332155080524257449205",
"27006274758510872070366092813070533912",
"73535199168703535995551755658540598115",
"45103882340012321970988861038420164399",
"7131532624119669257814056485339276521"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-ac5c1030",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "transferTouchGesture"
},
"deprecated": false,
"digest": {
"function_hash": "223722273761691818931384484457924667470",
"length": 568.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-f8ef5a79",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "grantInputChannel"
},
"deprecated": false,
"digest": {
"function_hash": "192057271889427299029746959248646603949",
"length": 910.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912",
"signature_version": "v1"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912"
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"spl": "2025-02-01",
"vanir_signatures": [
{
"id": "ASB-A-364037868-524896c0",
"target": {
"file": "services/core/java/com/android/server/wm/EmbeddedWindowController.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"112163142825728286601376570101662734826",
"198441187844705953367518297218540333074",
"27331201922488527444348889345726650391",
"331293015077808543825935324836865827489",
"254620039880769067733808519606851641442",
"249953778221520835274907734933176820132",
"319969177551915669436124824182656977126",
"330455908732409693530174754088748729867",
"223257893106326682952811327007970127244",
"165295942820653251744689007900262988486",
"339867398381699969324056806102280831554",
"62627831524365546532846835358761752800",
"328988828590961588487264174790097211293",
"248873313261974045040769010167705224854",
"318989329479115589579834466806717562644",
"196663899505510187640273103465328812632",
"7110775924930340699819996708845965063",
"127177807673808879272973357402922359345"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-aa6ace9d",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "grantInputChannel"
},
"deprecated": false,
"digest": {
"function_hash": "192057271889427299029746959248646603949",
"length": 910.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-ae35eff7",
"target": {
"file": "services/core/java/com/android/server/wm/EmbeddedWindowController.java",
"function": "transferToEmbedded"
},
"deprecated": false,
"digest": {
"function_hash": "83810895922488579077428771457198824121",
"length": 243.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-c1c0b340",
"target": {
"file": "services/core/java/com/android/server/wm/EmbeddedWindowController.java",
"function": "transferToHost"
},
"deprecated": false,
"digest": {
"function_hash": "164054265702367327672522119214234173400",
"length": 247.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-c30e2726",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "transferTouchGesture"
},
"deprecated": false,
"digest": {
"function_hash": "223722273761691818931384484457924667470",
"length": 568.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356",
"signature_version": "v1"
},
{
"id": "ASB-A-364037868-f7c22191",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"181108224164417289212662977271542690331",
"216736795130174833053450470557661182606",
"215186634025237061605494072778302230103",
"225791094088381205436562372308971221840",
"22889836881209034311231057490029027386",
"182136170710394038548729869525887337764",
"332135305770684805640646991324853200199",
"3595737875289616547646003412729253565",
"137029592712009112373773104562906111147",
"224324049306989509769718368863998371337",
"235365628243456370451281111157950868873",
"43211814438570816332155080524257449205",
"27006274758510872070366092813070533912",
"73535199168703535995551755658540598115",
"45103882340012321970988861038420164399",
"7131532624119669257814056485339276521"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356",
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356"
]
}