ASB-A-368579654

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-368579654.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-368579654
Aliases
  • A-368579654
  • CVE-2025-22427
Published
2025-04-01T00:00:00Z
Modified
2025-10-16T15:26:20.871763Z
Summary
[none]
Details

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android

platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-04-01

Affected versions

Other

15-next

Ecosystem specific 

{
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/e0510a62eba04140e459cdd8232f35087aa3073b"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java",
                "function": "onResume"
            },
            "signature_version": "v1",
            "digest": {
                "length": 150.0,
                "function_hash": "152491628019347033603108498272129690993"
            },
            "id": "ASB-A-368579654-a8796688",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/e0510a62eba04140e459cdd8232f35087aa3073b"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "182406899371089276968772861962409962225",
                    "18667552456110097476006100751115697760",
                    "58556086388370174162335450170874195399",
                    "82223097250831989202073821678705009138",
                    "278580168040252423585676024963933112499",
                    "185994664878209836163354010463277212969",
                    "313510924206706034109978639283945300260",
                    "10483646070535809996839636999891958416",
                    "280101618976838517571389457581797782146",
                    "110397190611182553138128194454172647694",
                    "277360658493102168218717805717606365827",
                    "102713302900656141844023384942279959637",
                    "306858075372273438258919299450667223789",
                    "212352700153393542678356668804643101829",
                    "59776608235116714015936706412046134471",
                    "302237659860109888592571963495401023936",
                    "203222567798565149871069076554845286579",
                    "285658978204143824377573422968042470976",
                    "310019452172566304540818858299454229364"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-368579654-c34e7e7b",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/e0510a62eba04140e459cdd8232f35087aa3073b"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java",
                "function": "onPause"
            },
            "signature_version": "v1",
            "digest": {
                "length": 150.0,
                "function_hash": "154103499203376154732330182285847602469"
            },
            "id": "ASB-A-368579654-ff916a21",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/e0510a62eba04140e459cdd8232f35087aa3073b"
        }
    ],
    "spl": "2025-04-01"
}

platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-04-01

Affected versions

Other

15

Ecosystem specific 

{
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/4b2cf3f23788ec210863757217ead902ee1f3bb4"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java",
                "function": "onResume"
            },
            "signature_version": "v1",
            "digest": {
                "length": 150.0,
                "function_hash": "152491628019347033603108498272129690993"
            },
            "id": "ASB-A-368579654-186be376",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b2cf3f23788ec210863757217ead902ee1f3bb4"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "182406899371089276968772861962409962225",
                    "18667552456110097476006100751115697760",
                    "58556086388370174162335450170874195399",
                    "82223097250831989202073821678705009138",
                    "278580168040252423585676024963933112499",
                    "185994664878209836163354010463277212969",
                    "313510924206706034109978639283945300260",
                    "10483646070535809996839636999891958416",
                    "280101618976838517571389457581797782146",
                    "110397190611182553138128194454172647694",
                    "277360658493102168218717805717606365827",
                    "102713302900656141844023384942279959637",
                    "306858075372273438258919299450667223789",
                    "212352700153393542678356668804643101829",
                    "59776608235116714015936706412046134471",
                    "302237659860109888592571963495401023936",
                    "203222567798565149871069076554845286579",
                    "285658978204143824377573422968042470976",
                    "310019452172566304540818858299454229364"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-368579654-db4d9030",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b2cf3f23788ec210863757217ead902ee1f3bb4"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java",
                "function": "onPause"
            },
            "signature_version": "v1",
            "digest": {
                "length": 150.0,
                "function_hash": "154103499203376154732330182285847602469"
            },
            "id": "ASB-A-368579654-df0f68be",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4b2cf3f23788ec210863757217ead902ee1f3bb4"
        }
    ],
    "spl": "2025-04-01"
}

platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-04-01

Affected versions

Other

13

Ecosystem specific 

{
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/2a6672dd33d6430da0f240fd600f7379ac301588"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java",
                "function": "onResume"
            },
            "signature_version": "v1",
            "digest": {
                "length": 150.0,
                "function_hash": "152491628019347033603108498272129690993"
            },
            "id": "ASB-A-368579654-2c1bfbdf",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/2a6672dd33d6430da0f240fd600f7379ac301588"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "182406899371089276968772861962409962225",
                    "18667552456110097476006100751115697760",
                    "58556086388370174162335450170874195399",
                    "44112267781912914714274056490075461669",
                    "278580168040252423585676024963933112499",
                    "185994664878209836163354010463277212969",
                    "313510924206706034109978639283945300260",
                    "10483646070535809996839636999891958416",
                    "280101618976838517571389457581797782146",
                    "110397190611182553138128194454172647694",
                    "277360658493102168218717805717606365827",
                    "102713302900656141844023384942279959637",
                    "306858075372273438258919299450667223789",
                    "212352700153393542678356668804643101829",
                    "59776608235116714015936706412046134471",
                    "302237659860109888592571963495401023936",
                    "203222567798565149871069076554845286579",
                    "285658978204143824377573422968042470976",
                    "310019452172566304540818858299454229364"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-368579654-900718d2",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/2a6672dd33d6430da0f240fd600f7379ac301588"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java",
                "function": "onPause"
            },
            "signature_version": "v1",
            "digest": {
                "length": 150.0,
                "function_hash": "154103499203376154732330182285847602469"
            },
            "id": "ASB-A-368579654-d389a588",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/2a6672dd33d6430da0f240fd600f7379ac301588"
        }
    ],
    "spl": "2025-04-01"
}

platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-04-01

Affected versions

Other

14

Ecosystem specific 

{
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/c97cd9e805f9c347db5152553fdd1c4004a558b3"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "182406899371089276968772861962409962225",
                    "18667552456110097476006100751115697760",
                    "58556086388370174162335450170874195399",
                    "44112267781912914714274056490075461669",
                    "278580168040252423585676024963933112499",
                    "185994664878209836163354010463277212969",
                    "313510924206706034109978639283945300260",
                    "10483646070535809996839636999891958416",
                    "280101618976838517571389457581797782146",
                    "110397190611182553138128194454172647694",
                    "277360658493102168218717805717606365827",
                    "102713302900656141844023384942279959637",
                    "306858075372273438258919299450667223789",
                    "212352700153393542678356668804643101829",
                    "59776608235116714015936706412046134471",
                    "302237659860109888592571963495401023936",
                    "203222567798565149871069076554845286579",
                    "285658978204143824377573422968042470976",
                    "310019452172566304540818858299454229364"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-368579654-83d1c687",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/c97cd9e805f9c347db5152553fdd1c4004a558b3"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java",
                "function": "onPause"
            },
            "signature_version": "v1",
            "digest": {
                "length": 150.0,
                "function_hash": "154103499203376154732330182285847602469"
            },
            "id": "ASB-A-368579654-9c35dc5f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/c97cd9e805f9c347db5152553fdd1c4004a558b3"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/com/android/settings/notification/NotificationAccessConfirmationActivity.java",
                "function": "onResume"
            },
            "signature_version": "v1",
            "digest": {
                "length": 150.0,
                "function_hash": "152491628019347033603108498272129690993"
            },
            "id": "ASB-A-368579654-cb7e3db0",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/c97cd9e805f9c347db5152553fdd1c4004a558b3"
        }
    ],
    "spl": "2025-04-01"
}