ASB-A-365739560

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-365739560.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-365739560
Aliases
  • A-365739560
  • CVE-2025-32326
Published
2025-09-01T00:00:00Z
Modified
2025-09-02T14:59:13.694122Z
Summary
[none]
Details

In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-next:0
Fixed
16-next:2025-09-01

Affected versions

Other

16-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "assertSafeToStartCustomActivity"
            },
            "signature_version": "v1",
            "digest": {
                "length": 451.0,
                "function_hash": "139833213286453817508976882185220600292"
            },
            "id": "ASB-A-365739560-80b180df",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d3e34060803c97ae05719fe9301026e5c54892c8"
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "onReceive"
            },
            "signature_version": "v1",
            "digest": {
                "length": 923.0,
                "function_hash": "44664639594184004527381814604213714195"
            },
            "id": "ASB-A-365739560-e151e87f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d3e34060803c97ae05719fe9301026e5c54892c8"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "226258992788408103768241656125646477489",
                    "151749678647308287184408583869206112276",
                    "32874708126785652610071324256384515293",
                    "142720510984991299874127682360591830670",
                    "238594068523129572717643131955295196712",
                    "65439622675099890104196857984663533821",
                    "32149523897884140014765625018284241268",
                    "31745228343486687015715975030408161151",
                    "285861665528246234849188350692803170265",
                    "195505780198854931865378430470304767688",
                    "30620144862055094913309642984484790709",
                    "172038091581725465188235125294497104040",
                    "332676715799252123219664180927578214086",
                    "256864482524894738248441823773669892375",
                    "152756306830895543643303987982768735873",
                    "83011365851368182460669908916017953360",
                    "320351620476754738044930245546768903412",
                    "70599665159709680621007106450376463716"
                ]
            },
            "id": "ASB-A-365739560-f4415227",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d3e34060803c97ae05719fe9301026e5c54892c8"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/d3e34060803c97ae05719fe9301026e5c54892c8"
    ],
    "spl": "2025-09-01"
}

Android / platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-09-01

Affected versions

Other

15

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "onReceive"
            },
            "signature_version": "v1",
            "digest": {
                "length": 923.0,
                "function_hash": "44664639594184004527381814604213714195"
            },
            "id": "ASB-A-365739560-3124d45d",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/624c2490780677f9dc2002318a9932ce406f056b"
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "assertSafeToStartCustomActivity"
            },
            "signature_version": "v1",
            "digest": {
                "length": 451.0,
                "function_hash": "139833213286453817508976882185220600292"
            },
            "id": "ASB-A-365739560-bd8a77fe",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/624c2490780677f9dc2002318a9932ce406f056b"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "226258992788408103768241656125646477489",
                    "151749678647308287184408583869206112276",
                    "32874708126785652610071324256384515293",
                    "142720510984991299874127682360591830670",
                    "238594068523129572717643131955295196712",
                    "65439622675099890104196857984663533821",
                    "32149523897884140014765625018284241268",
                    "31745228343486687015715975030408161151",
                    "285861665528246234849188350692803170265",
                    "195505780198854931865378430470304767688",
                    "30620144862055094913309642984484790709",
                    "172038091581725465188235125294497104040",
                    "332676715799252123219664180927578214086",
                    "256864482524894738248441823773669892375",
                    "152756306830895543643303987982768735873",
                    "83011365851368182460669908916017953360",
                    "320351620476754738044930245546768903412",
                    "70599665159709680621007106450376463716"
                ]
            },
            "id": "ASB-A-365739560-e3e092c9",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/624c2490780677f9dc2002318a9932ce406f056b"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/624c2490780677f9dc2002318a9932ce406f056b"
    ],
    "spl": "2025-09-01"
}

Android / platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-09-01

Affected versions

Other

16

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "assertSafeToStartCustomActivity"
            },
            "signature_version": "v1",
            "digest": {
                "length": 451.0,
                "function_hash": "139833213286453817508976882185220600292"
            },
            "id": "ASB-A-365739560-2bd3c7ee",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/586422578de58f1da68fd9becf89a08ea2ae0058"
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "onReceive"
            },
            "signature_version": "v1",
            "digest": {
                "length": 923.0,
                "function_hash": "44664639594184004527381814604213714195"
            },
            "id": "ASB-A-365739560-7b6121e9",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/586422578de58f1da68fd9becf89a08ea2ae0058"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "226258992788408103768241656125646477489",
                    "151749678647308287184408583869206112276",
                    "32874708126785652610071324256384515293",
                    "142720510984991299874127682360591830670",
                    "238594068523129572717643131955295196712",
                    "65439622675099890104196857984663533821",
                    "32149523897884140014765625018284241268",
                    "31745228343486687015715975030408161151",
                    "285861665528246234849188350692803170265",
                    "195505780198854931865378430470304767688",
                    "30620144862055094913309642984484790709",
                    "172038091581725465188235125294497104040",
                    "332676715799252123219664180927578214086",
                    "256864482524894738248441823773669892375",
                    "152756306830895543643303987982768735873",
                    "83011365851368182460669908916017953360",
                    "320351620476754738044930245546768903412",
                    "70599665159709680621007106450376463716"
                ]
            },
            "id": "ASB-A-365739560-a371fcaf",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/586422578de58f1da68fd9becf89a08ea2ae0058"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/586422578de58f1da68fd9becf89a08ea2ae0058"
    ],
    "spl": "2025-09-01"
}

Android / platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-09-01

Affected versions

Other

13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "onReceive"
            },
            "signature_version": "v1",
            "digest": {
                "length": 923.0,
                "function_hash": "44664639594184004527381814604213714195"
            },
            "id": "ASB-A-365739560-21985fbf",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/52a681c81503ef10dca1d7fc01d83a1925c256b9"
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "assertSafeToStartCustomActivity"
            },
            "signature_version": "v1",
            "digest": {
                "length": 451.0,
                "function_hash": "139833213286453817508976882185220600292"
            },
            "id": "ASB-A-365739560-8e77647f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/52a681c81503ef10dca1d7fc01d83a1925c256b9"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "226258992788408103768241656125646477489",
                    "151749678647308287184408583869206112276",
                    "32874708126785652610071324256384515293",
                    "142720510984991299874127682360591830670",
                    "238594068523129572717643131955295196712",
                    "65439622675099890104196857984663533821",
                    "32149523897884140014765625018284241268",
                    "31745228343486687015715975030408161151",
                    "285861665528246234849188350692803170265",
                    "195505780198854931865378430470304767688",
                    "30620144862055094913309642984484790709",
                    "172038091581725465188235125294497104040",
                    "332676715799252123219664180927578214086",
                    "256864482524894738248441823773669892375",
                    "152756306830895543643303987982768735873",
                    "83011365851368182460669908916017953360",
                    "320351620476754738044930245546768903412",
                    "70599665159709680621007106450376463716"
                ]
            },
            "id": "ASB-A-365739560-afe0d2cb",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/52a681c81503ef10dca1d7fc01d83a1925c256b9"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/52a681c81503ef10dca1d7fc01d83a1925c256b9"
    ],
    "spl": "2025-09-01"
}

Android / platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-09-01

Affected versions

Other

14

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "assertSafeToStartCustomActivity"
            },
            "signature_version": "v1",
            "digest": {
                "length": 451.0,
                "function_hash": "139833213286453817508976882185220600292"
            },
            "id": "ASB-A-365739560-041a61df",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b380a97ede6c40299da3e6637f4c25452237bf9"
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java",
                "function": "onReceive"
            },
            "signature_version": "v1",
            "digest": {
                "length": 923.0,
                "function_hash": "44664639594184004527381814604213714195"
            },
            "id": "ASB-A-365739560-2edf8beb",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b380a97ede6c40299da3e6637f4c25452237bf9"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "src/com/android/settings/users/AppRestrictionsFragment.java"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "226258992788408103768241656125646477489",
                    "151749678647308287184408583869206112276",
                    "32874708126785652610071324256384515293",
                    "142720510984991299874127682360591830670",
                    "238594068523129572717643131955295196712",
                    "65439622675099890104196857984663533821",
                    "32149523897884140014765625018284241268",
                    "31745228343486687015715975030408161151",
                    "285861665528246234849188350692803170265",
                    "195505780198854931865378430470304767688",
                    "30620144862055094913309642984484790709",
                    "172038091581725465188235125294497104040",
                    "332676715799252123219664180927578214086",
                    "256864482524894738248441823773669892375",
                    "152756306830895543643303987982768735873",
                    "83011365851368182460669908916017953360",
                    "320351620476754738044930245546768903412",
                    "70599665159709680621007106450376463716"
                ]
            },
            "id": "ASB-A-365739560-85b8826c",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b380a97ede6c40299da3e6637f4c25452237bf9"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/4b380a97ede6c40299da3e6637f4c25452237bf9"
    ],
    "spl": "2025-09-01"
}