ASB-A-376462130

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-376462130.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-376462130
Aliases
  • A-376462130
  • CVE-2025-48628
Published
2025-12-01T00:00:00Z
Modified
2025-12-11T17:03:20.587631Z
Summary
[none]
Details

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2-next:0
Fixed
16-qpr2-next:2025-12-01

Affected versions

Other

16-qpr2-next

Ecosystem specific 

{
    "spl": "2025-12-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8d40513846ee77a70f17e392ef9a9fc4ac254e44",
            "id": "ASB-A-376462130-0a38c95e",
            "digest": {
                "function_hash": "17249994753077639583033949548719826913",
                "length": 409.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "getCustomPrinterIcon"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8d40513846ee77a70f17e392ef9a9fc4ac254e44",
            "id": "ASB-A-376462130-125a52bc",
            "digest": {
                "function_hash": "290683506610434064182548965051157555946",
                "length": 418.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "validateIconUserBoundary"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8d40513846ee77a70f17e392ef9a9fc4ac254e44",
            "id": "ASB-A-376462130-54a73260",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "292900562621289740165420360404681557470",
                    "254099383506272289078753119801457610562",
                    "8382420818903945909209296020667851894",
                    "129683185035301515800774035555900214112",
                    "144560406316237555514227971642960103123",
                    "121105015756870451983729303139400869049",
                    "12269312763036055637149775830685397506",
                    "51811925028379738733337479477147646550",
                    "49500282240160882735559372883360427948",
                    "319036711419564305351481126382329700162",
                    "22661505689850662044910177952232580203",
                    "145885833340027824153593893073583880482",
                    "117468171825901057644599160768166851910",
                    "62742841881505187972688201711196593492",
                    "74461250732356118188887879969476741519",
                    "137670604389648603397218284702580283826",
                    "208874961437982392320854375011095638438",
                    "9691820914408264737673435619125331401",
                    "248831598884452038878466996390314643165",
                    "339088883008861142350381993397367025083",
                    "165229237223858835770527078230508195854",
                    "43693651672511506419582617180681485734",
                    "108587633537507210242609878158511307392"
                ]
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java"
            },
            "signature_type": "Line",
            "deprecated": false
        }
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/8d40513846ee77a70f17e392ef9a9fc4ac254e44"
    ],
    "types": [
        "ID"
    ]
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-12-01

Affected versions

Other

15

Ecosystem specific 

{
    "spl": "2025-12-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b42b179508127b2a762e1cee23cc7ad6ec4bb31f",
            "id": "ASB-A-376462130-0e383348",
            "digest": {
                "function_hash": "290683506610434064182548965051157555946",
                "length": 418.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "validateIconUserBoundary"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b42b179508127b2a762e1cee23cc7ad6ec4bb31f",
            "id": "ASB-A-376462130-7de154b7",
            "digest": {
                "function_hash": "17249994753077639583033949548719826913",
                "length": 409.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "getCustomPrinterIcon"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b42b179508127b2a762e1cee23cc7ad6ec4bb31f",
            "id": "ASB-A-376462130-a577f1b5",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "292900562621289740165420360404681557470",
                    "254099383506272289078753119801457610562",
                    "8382420818903945909209296020667851894",
                    "129683185035301515800774035555900214112",
                    "144560406316237555514227971642960103123",
                    "121105015756870451983729303139400869049",
                    "12269312763036055637149775830685397506",
                    "51811925028379738733337479477147646550",
                    "49500282240160882735559372883360427948",
                    "319036711419564305351481126382329700162",
                    "22661505689850662044910177952232580203",
                    "145885833340027824153593893073583880482",
                    "117468171825901057644599160768166851910",
                    "62742841881505187972688201711196593492",
                    "74461250732356118188887879969476741519",
                    "137670604389648603397218284702580283826",
                    "208874961437982392320854375011095638438",
                    "9691820914408264737673435619125331401",
                    "248831598884452038878466996390314643165",
                    "339088883008861142350381993397367025083",
                    "165229237223858835770527078230508195854",
                    "43693651672511506419582617180681485734",
                    "108587633537507210242609878158511307392"
                ]
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java"
            },
            "signature_type": "Line",
            "deprecated": false
        }
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b42b179508127b2a762e1cee23cc7ad6ec4bb31f"
    ],
    "types": [
        "ID"
    ]
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-12-01

Affected versions

Other

16

Ecosystem specific 

{
    "spl": "2025-12-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c9d76c20e720a567459156c06f858d5e27674706",
            "id": "ASB-A-376462130-02c71736",
            "digest": {
                "function_hash": "290683506610434064182548965051157555946",
                "length": 418.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "validateIconUserBoundary"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c9d76c20e720a567459156c06f858d5e27674706",
            "id": "ASB-A-376462130-3943e459",
            "digest": {
                "function_hash": "17249994753077639583033949548719826913",
                "length": 409.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "getCustomPrinterIcon"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c9d76c20e720a567459156c06f858d5e27674706",
            "id": "ASB-A-376462130-c766847e",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "292900562621289740165420360404681557470",
                    "254099383506272289078753119801457610562",
                    "8382420818903945909209296020667851894",
                    "129683185035301515800774035555900214112",
                    "144560406316237555514227971642960103123",
                    "121105015756870451983729303139400869049",
                    "12269312763036055637149775830685397506",
                    "51811925028379738733337479477147646550",
                    "49500282240160882735559372883360427948",
                    "319036711419564305351481126382329700162",
                    "22661505689850662044910177952232580203",
                    "145885833340027824153593893073583880482",
                    "117468171825901057644599160768166851910",
                    "62742841881505187972688201711196593492",
                    "74461250732356118188887879969476741519",
                    "137670604389648603397218284702580283826",
                    "208874961437982392320854375011095638438",
                    "9691820914408264737673435619125331401",
                    "248831598884452038878466996390314643165",
                    "339088883008861142350381993397367025083",
                    "165229237223858835770527078230508195854",
                    "43693651672511506419582617180681485734",
                    "108587633537507210242609878158511307392"
                ]
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java"
            },
            "signature_type": "Line",
            "deprecated": false
        }
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/c9d76c20e720a567459156c06f858d5e27674706"
    ],
    "types": [
        "ID"
    ]
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-12-01

Affected versions

Other

13

Ecosystem specific 

{
    "spl": "2025-12-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/572633308c9d114387ae88127a38888c2e6d2bd3",
            "id": "ASB-A-376462130-16de701b",
            "digest": {
                "function_hash": "290683506610434064182548965051157555946",
                "length": 418.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "validateIconUserBoundary"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/572633308c9d114387ae88127a38888c2e6d2bd3",
            "id": "ASB-A-376462130-685e61a7",
            "digest": {
                "function_hash": "17249994753077639583033949548719826913",
                "length": 409.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "getCustomPrinterIcon"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/572633308c9d114387ae88127a38888c2e6d2bd3",
            "id": "ASB-A-376462130-e55d7535",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "292900562621289740165420360404681557470",
                    "254099383506272289078753119801457610562",
                    "8382420818903945909209296020667851894",
                    "129683185035301515800774035555900214112",
                    "144560406316237555514227971642960103123",
                    "121105015756870451983729303139400869049",
                    "12269312763036055637149775830685397506",
                    "51811925028379738733337479477147646550",
                    "49500282240160882735559372883360427948",
                    "319036711419564305351481126382329700162",
                    "22661505689850662044910177952232580203",
                    "145885833340027824153593893073583880482",
                    "117468171825901057644599160768166851910",
                    "62742841881505187972688201711196593492",
                    "74461250732356118188887879969476741519",
                    "137670604389648603397218284702580283826",
                    "208874961437982392320854375011095638438",
                    "9691820914408264737673435619125331401",
                    "248831598884452038878466996390314643165",
                    "339088883008861142350381993397367025083",
                    "165229237223858835770527078230508195854",
                    "43693651672511506419582617180681485734",
                    "108587633537507210242609878158511307392"
                ]
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java"
            },
            "signature_type": "Line",
            "deprecated": false
        }
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/572633308c9d114387ae88127a38888c2e6d2bd3"
    ],
    "types": [
        "ID"
    ]
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-12-01

Affected versions

Other

14

Ecosystem specific 

{
    "spl": "2025-12-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6bc3fb05b7ad52345356536a1c6a1d6c3d9f4358",
            "id": "ASB-A-376462130-1d8b81ac",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "292900562621289740165420360404681557470",
                    "254099383506272289078753119801457610562",
                    "8382420818903945909209296020667851894",
                    "129683185035301515800774035555900214112",
                    "144560406316237555514227971642960103123",
                    "121105015756870451983729303139400869049",
                    "12269312763036055637149775830685397506",
                    "51811925028379738733337479477147646550",
                    "49500282240160882735559372883360427948",
                    "319036711419564305351481126382329700162",
                    "22661505689850662044910177952232580203",
                    "145885833340027824153593893073583880482",
                    "117468171825901057644599160768166851910",
                    "62742841881505187972688201711196593492",
                    "74461250732356118188887879969476741519",
                    "137670604389648603397218284702580283826",
                    "208874961437982392320854375011095638438",
                    "9691820914408264737673435619125331401",
                    "248831598884452038878466996390314643165",
                    "339088883008861142350381993397367025083",
                    "165229237223858835770527078230508195854",
                    "43693651672511506419582617180681485734",
                    "108587633537507210242609878158511307392"
                ]
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java"
            },
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6bc3fb05b7ad52345356536a1c6a1d6c3d9f4358",
            "id": "ASB-A-376462130-3fa35c98",
            "digest": {
                "function_hash": "290683506610434064182548965051157555946",
                "length": 418.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "validateIconUserBoundary"
            },
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6bc3fb05b7ad52345356536a1c6a1d6c3d9f4358",
            "id": "ASB-A-376462130-89748572",
            "digest": {
                "function_hash": "17249994753077639583033949548719826913",
                "length": 409.0
            },
            "target": {
                "file": "services/print/java/com/android/server/print/PrintManagerService.java",
                "function": "getCustomPrinterIcon"
            },
            "signature_type": "Function",
            "deprecated": false
        }
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6bc3fb05b7ad52345356536a1c6a1d6c3d9f4358"
    ],
    "types": [
        "ID"
    ]
}