ASB-A-370958259

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-370958259.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-370958259
Aliases
  • A-370958259
  • CVE-2025-0080
Published
2025-03-01T00:00:00Z
Modified
2025-03-21T20:50:43Z
Summary
[none]
Details

In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-03-01

Affected versions

Other

15-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "106852290312809516895377641684996428641",
                    "100619307944333955550393411756035339383",
                    "253671319467356316573877843325206305148",
                    "194305148853903854519207401895473405000",
                    "164618263518515534571435835108085346840",
                    "117242953883748989660592205141705532966",
                    "322276312425168391457092955602260976032",
                    "82791985082628779718638862041003667333"
                ]
            },
            "id": "ASB-A-370958259-15063416",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b1612955cb7fb2f69f1e04d437bb7fabd411ff7c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/PackageInstaller/src/com/android/packageinstaller/UnarchiveActivity.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1595.0,
                "function_hash": "237969592052963635730934805885314022583"
            },
            "id": "ASB-A-370958259-86d7bb7a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b1612955cb7fb2f69f1e04d437bb7fabd411ff7c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/PackageInstaller/src/com/android/packageinstaller/UnarchiveActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 537.0,
                "function_hash": "323308802861785688109354783023765293940"
            },
            "id": "ASB-A-370958259-9c9d11ac",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b1612955cb7fb2f69f1e04d437bb7fabd411ff7c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/PackageInstaller/src/com/android/packageinstaller/UnarchiveFragment.java",
                "function": "onCreateDialog"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "34647006730598393968881487632720217521",
                    "220837909846715867234019510086613959071",
                    "112944296168326975797965234027075705758",
                    "268955711874604927044415729134364870134",
                    "104335380940393650208967793504429997267",
                    "227051776264705071281256115035437909817",
                    "74088909021720321535169830157439491633",
                    "188813712324366316321383523893347649282",
                    "155842730872581119733874838446406534715",
                    "200236479055803650491839492661848229957"
                ]
            },
            "id": "ASB-A-370958259-f65c7aee",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b1612955cb7fb2f69f1e04d437bb7fabd411ff7c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/PackageInstaller/src/com/android/packageinstaller/UnarchiveFragment.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b1612955cb7fb2f69f1e04d437bb7fabd411ff7c"
    ],
    "spl": "2025-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-03-01

Affected versions

Other

15

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/799842233276351680f47420d8754f381dcbf86f"
    ],
    "spl": "2025-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}