ASB-A-370962373

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-370962373.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-370962373

Aliases

A-370962373
CVE-2025-0099

Published

2025-02-01T00:00:00Z

Modified

2026-06-11T14:59:52.052110020Z

Summary

[none]

Details

In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15-next:0

Fixed

15-next:2025-02-01

Affected versions

Other

15-next

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "spl": "2025-02-01",
    "vanir_signatures": [
        {
            "id": "ASB-A-370962373-4d8f6a46",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "getBackupPayload"
            },
            "deprecated": false,
            "signature_type": "Function",
            "digest": {
                "function_hash": "4240526573347741701383026480308334057",
                "length": 88.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/692cddfb32abae6c77b00c4850fd36b7eaaf8c70",
            "signature_version": "v1"
        },
        {
            "id": "ASB-A-370962373-8d778d54",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "applyRestoredPayload"
            },
            "deprecated": false,
            "digest": {
                "function_hash": "80749470785317375633430002806464151928",
                "length": 103.0
            },
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/692cddfb32abae6c77b00c4850fd36b7eaaf8c70",
            "signature_version": "v1"
        },
        {
            "id": "ASB-A-370962373-c33fc108",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "335960718412907313367981356592162676942",
                    "263110392768386747985260879713506925328",
                    "332552674595931601156312424344457584492",
                    "236120831168666863532369763580178696761",
                    "265220646878657219400273228719965943057",
                    "330360416465372736820418429089610892518",
                    "316352562444567643242223542801087355968",
                    "191425971114102596495062438571726966520"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/692cddfb32abae6c77b00c4850fd36b7eaaf8c70",
            "signature_version": "v1"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/692cddfb32abae6c77b00c4850fd36b7eaaf8c70"
    ],
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-370962373.json"