ASB-A-365739560
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-365739560.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-365739560
- Aliases
-
- A-365739560
- CVE-2025-32326
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2025-11-25T16:14:47.974140Z
- Summary
- [none]
- Details
-
In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android
platform/packages/apps/Settings
Package
- Name
- platform/packages/apps/Settings
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/d3e34060803c97ae05719fe9301026e5c54892c8"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 451.0,
"function_hash": "139833213286453817508976882185220600292"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d3e34060803c97ae05719fe9301026e5c54892c8",
"signature_version": "v1",
"id": "ASB-A-365739560-80b180df",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "assertSafeToStartCustomActivity"
}
},
{
"signature_type": "Function",
"digest": {
"length": 923.0,
"function_hash": "44664639594184004527381814604213714195"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d3e34060803c97ae05719fe9301026e5c54892c8",
"signature_version": "v1",
"id": "ASB-A-365739560-e151e87f",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "onReceive"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"226258992788408103768241656125646477489",
"151749678647308287184408583869206112276",
"32874708126785652610071324256384515293",
"142720510984991299874127682360591830670",
"238594068523129572717643131955295196712",
"65439622675099890104196857984663533821",
"32149523897884140014765625018284241268",
"31745228343486687015715975030408161151",
"285861665528246234849188350692803170265",
"195505780198854931865378430470304767688",
"30620144862055094913309642984484790709",
"172038091581725465188235125294497104040",
"332676715799252123219664180927578214086",
"256864482524894738248441823773669892375",
"152756306830895543643303987982768735873",
"83011365851368182460669908916017953360",
"320351620476754738044930245546768903412",
"70599665159709680621007106450376463716"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d3e34060803c97ae05719fe9301026e5c54892c8",
"signature_version": "v1",
"id": "ASB-A-365739560-f4415227",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java"
}
}
]
}platform/packages/apps/Settings
Package
- Name
- platform/packages/apps/Settings
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/624c2490780677f9dc2002318a9932ce406f056b"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 923.0,
"function_hash": "44664639594184004527381814604213714195"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/624c2490780677f9dc2002318a9932ce406f056b",
"signature_version": "v1",
"id": "ASB-A-365739560-3124d45d",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "onReceive"
}
},
{
"signature_type": "Function",
"digest": {
"length": 451.0,
"function_hash": "139833213286453817508976882185220600292"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/624c2490780677f9dc2002318a9932ce406f056b",
"signature_version": "v1",
"id": "ASB-A-365739560-bd8a77fe",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "assertSafeToStartCustomActivity"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"226258992788408103768241656125646477489",
"151749678647308287184408583869206112276",
"32874708126785652610071324256384515293",
"142720510984991299874127682360591830670",
"238594068523129572717643131955295196712",
"65439622675099890104196857984663533821",
"32149523897884140014765625018284241268",
"31745228343486687015715975030408161151",
"285861665528246234849188350692803170265",
"195505780198854931865378430470304767688",
"30620144862055094913309642984484790709",
"172038091581725465188235125294497104040",
"332676715799252123219664180927578214086",
"256864482524894738248441823773669892375",
"152756306830895543643303987982768735873",
"83011365851368182460669908916017953360",
"320351620476754738044930245546768903412",
"70599665159709680621007106450376463716"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/624c2490780677f9dc2002318a9932ce406f056b",
"signature_version": "v1",
"id": "ASB-A-365739560-e3e092c9",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java"
}
}
]
}platform/packages/apps/Settings
Package
- Name
- platform/packages/apps/Settings
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/586422578de58f1da68fd9becf89a08ea2ae0058"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 451.0,
"function_hash": "139833213286453817508976882185220600292"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/586422578de58f1da68fd9becf89a08ea2ae0058",
"signature_version": "v1",
"id": "ASB-A-365739560-2bd3c7ee",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "assertSafeToStartCustomActivity"
}
},
{
"signature_type": "Function",
"digest": {
"length": 923.0,
"function_hash": "44664639594184004527381814604213714195"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/586422578de58f1da68fd9becf89a08ea2ae0058",
"signature_version": "v1",
"id": "ASB-A-365739560-7b6121e9",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "onReceive"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"226258992788408103768241656125646477489",
"151749678647308287184408583869206112276",
"32874708126785652610071324256384515293",
"142720510984991299874127682360591830670",
"238594068523129572717643131955295196712",
"65439622675099890104196857984663533821",
"32149523897884140014765625018284241268",
"31745228343486687015715975030408161151",
"285861665528246234849188350692803170265",
"195505780198854931865378430470304767688",
"30620144862055094913309642984484790709",
"172038091581725465188235125294497104040",
"332676715799252123219664180927578214086",
"256864482524894738248441823773669892375",
"152756306830895543643303987982768735873",
"83011365851368182460669908916017953360",
"320351620476754738044930245546768903412",
"70599665159709680621007106450376463716"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/586422578de58f1da68fd9becf89a08ea2ae0058",
"signature_version": "v1",
"id": "ASB-A-365739560-a371fcaf",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java"
}
}
]
}platform/packages/apps/Settings
Package
- Name
- platform/packages/apps/Settings
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/52a681c81503ef10dca1d7fc01d83a1925c256b9"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 923.0,
"function_hash": "44664639594184004527381814604213714195"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/52a681c81503ef10dca1d7fc01d83a1925c256b9",
"signature_version": "v1",
"id": "ASB-A-365739560-21985fbf",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "onReceive"
}
},
{
"signature_type": "Function",
"digest": {
"length": 451.0,
"function_hash": "139833213286453817508976882185220600292"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/52a681c81503ef10dca1d7fc01d83a1925c256b9",
"signature_version": "v1",
"id": "ASB-A-365739560-8e77647f",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "assertSafeToStartCustomActivity"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"226258992788408103768241656125646477489",
"151749678647308287184408583869206112276",
"32874708126785652610071324256384515293",
"142720510984991299874127682360591830670",
"238594068523129572717643131955295196712",
"65439622675099890104196857984663533821",
"32149523897884140014765625018284241268",
"31745228343486687015715975030408161151",
"285861665528246234849188350692803170265",
"195505780198854931865378430470304767688",
"30620144862055094913309642984484790709",
"172038091581725465188235125294497104040",
"332676715799252123219664180927578214086",
"256864482524894738248441823773669892375",
"152756306830895543643303987982768735873",
"83011365851368182460669908916017953360",
"320351620476754738044930245546768903412",
"70599665159709680621007106450376463716"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/52a681c81503ef10dca1d7fc01d83a1925c256b9",
"signature_version": "v1",
"id": "ASB-A-365739560-afe0d2cb",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java"
}
}
]
}platform/packages/apps/Settings
Package
- Name
- platform/packages/apps/Settings
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/4b380a97ede6c40299da3e6637f4c25452237bf9"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 451.0,
"function_hash": "139833213286453817508976882185220600292"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b380a97ede6c40299da3e6637f4c25452237bf9",
"signature_version": "v1",
"id": "ASB-A-365739560-041a61df",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "assertSafeToStartCustomActivity"
}
},
{
"signature_type": "Function",
"digest": {
"length": 923.0,
"function_hash": "44664639594184004527381814604213714195"
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b380a97ede6c40299da3e6637f4c25452237bf9",
"signature_version": "v1",
"id": "ASB-A-365739560-2edf8beb",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java",
"function": "onReceive"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"226258992788408103768241656125646477489",
"151749678647308287184408583869206112276",
"32874708126785652610071324256384515293",
"142720510984991299874127682360591830670",
"238594068523129572717643131955295196712",
"65439622675099890104196857984663533821",
"32149523897884140014765625018284241268",
"31745228343486687015715975030408161151",
"285861665528246234849188350692803170265",
"195505780198854931865378430470304767688",
"30620144862055094913309642984484790709",
"172038091581725465188235125294497104040",
"332676715799252123219664180927578214086",
"256864482524894738248441823773669892375",
"152756306830895543643303987982768735873",
"83011365851368182460669908916017953360",
"320351620476754738044930245546768903412",
"70599665159709680621007106450376463716"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b380a97ede6c40299da3e6637f4c25452237bf9",
"signature_version": "v1",
"id": "ASB-A-365739560-85b8826c",
"deprecated": false,
"target": {
"file": "src/com/android/settings/users/AppRestrictionsFragment.java"
}
}
]
}