ASB-A-376462130
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-376462130.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-376462130
- Aliases
-
- A-376462130
- CVE-2025-48628
- Published
- 2025-12-01T00:00:00Z
- Modified
- 2026-03-30T15:20:36.199724Z
- Summary
- [none]
- Details
-
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8d40513846ee77a70f17e392ef9a9fc4ac254e44"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"16-qpr2-next"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "getCustomPrinterIcon"
},
"id": "ASB-A-376462130-0a38c95e",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d40513846ee77a70f17e392ef9a9fc4ac254e44",
"digest": {
"function_hash": "17249994753077639583033949548719826913",
"length": 409.0
}
},
{
"match_only_versions": [
"16-qpr2-next"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "validateIconUserBoundary"
},
"id": "ASB-A-376462130-125a52bc",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d40513846ee77a70f17e392ef9a9fc4ac254e44",
"digest": {
"function_hash": "290683506610434064182548965051157555946",
"length": 418.0
}
},
{
"match_only_versions": [
"16-qpr2-next"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java"
},
"id": "ASB-A-376462130-54a73260",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d40513846ee77a70f17e392ef9a9fc4ac254e44",
"digest": {
"line_hashes": [
"292900562621289740165420360404681557470",
"254099383506272289078753119801457610562",
"8382420818903945909209296020667851894",
"129683185035301515800774035555900214112",
"144560406316237555514227971642960103123",
"121105015756870451983729303139400869049",
"12269312763036055637149775830685397506",
"51811925028379738733337479477147646550",
"49500282240160882735559372883360427948",
"319036711419564305351481126382329700162",
"22661505689850662044910177952232580203",
"145885833340027824153593893073583880482",
"117468171825901057644599160768166851910",
"62742841881505187972688201711196593492",
"74461250732356118188887879969476741519",
"137670604389648603397218284702580283826",
"208874961437982392320854375011095638438",
"9691820914408264737673435619125331401",
"248831598884452038878466996390314643165",
"339088883008861142350381993397367025083",
"165229237223858835770527078230508195854",
"43693651672511506419582617180681485734",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
}
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b42b179508127b2a762e1cee23cc7ad6ec4bb31f"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"15"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "validateIconUserBoundary"
},
"id": "ASB-A-376462130-0e383348",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/b42b179508127b2a762e1cee23cc7ad6ec4bb31f",
"digest": {
"function_hash": "290683506610434064182548965051157555946",
"length": 418.0
}
},
{
"match_only_versions": [
"15"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "getCustomPrinterIcon"
},
"id": "ASB-A-376462130-7de154b7",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/b42b179508127b2a762e1cee23cc7ad6ec4bb31f",
"digest": {
"function_hash": "17249994753077639583033949548719826913",
"length": 409.0
}
},
{
"match_only_versions": [
"15"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java"
},
"id": "ASB-A-376462130-a577f1b5",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/b42b179508127b2a762e1cee23cc7ad6ec4bb31f",
"digest": {
"line_hashes": [
"292900562621289740165420360404681557470",
"254099383506272289078753119801457610562",
"8382420818903945909209296020667851894",
"129683185035301515800774035555900214112",
"144560406316237555514227971642960103123",
"121105015756870451983729303139400869049",
"12269312763036055637149775830685397506",
"51811925028379738733337479477147646550",
"49500282240160882735559372883360427948",
"319036711419564305351481126382329700162",
"22661505689850662044910177952232580203",
"145885833340027824153593893073583880482",
"117468171825901057644599160768166851910",
"62742841881505187972688201711196593492",
"74461250732356118188887879969476741519",
"137670604389648603397218284702580283826",
"208874961437982392320854375011095638438",
"9691820914408264737673435619125331401",
"248831598884452038878466996390314643165",
"339088883008861142350381993397367025083",
"165229237223858835770527078230508195854",
"43693651672511506419582617180681485734",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
}
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c9d76c20e720a567459156c06f858d5e27674706"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"16"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "validateIconUserBoundary"
},
"id": "ASB-A-376462130-02c71736",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/c9d76c20e720a567459156c06f858d5e27674706",
"digest": {
"function_hash": "290683506610434064182548965051157555946",
"length": 418.0
}
},
{
"match_only_versions": [
"16"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "getCustomPrinterIcon"
},
"id": "ASB-A-376462130-3943e459",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/c9d76c20e720a567459156c06f858d5e27674706",
"digest": {
"function_hash": "17249994753077639583033949548719826913",
"length": 409.0
}
},
{
"match_only_versions": [
"16"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java"
},
"id": "ASB-A-376462130-c766847e",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/c9d76c20e720a567459156c06f858d5e27674706",
"digest": {
"line_hashes": [
"292900562621289740165420360404681557470",
"254099383506272289078753119801457610562",
"8382420818903945909209296020667851894",
"129683185035301515800774035555900214112",
"144560406316237555514227971642960103123",
"121105015756870451983729303139400869049",
"12269312763036055637149775830685397506",
"51811925028379738733337479477147646550",
"49500282240160882735559372883360427948",
"319036711419564305351481126382329700162",
"22661505689850662044910177952232580203",
"145885833340027824153593893073583880482",
"117468171825901057644599160768166851910",
"62742841881505187972688201711196593492",
"74461250732356118188887879969476741519",
"137670604389648603397218284702580283826",
"208874961437982392320854375011095638438",
"9691820914408264737673435619125331401",
"248831598884452038878466996390314643165",
"339088883008861142350381993397367025083",
"165229237223858835770527078230508195854",
"43693651672511506419582617180681485734",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
}
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/572633308c9d114387ae88127a38888c2e6d2bd3"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "validateIconUserBoundary"
},
"id": "ASB-A-376462130-16de701b",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/572633308c9d114387ae88127a38888c2e6d2bd3",
"digest": {
"function_hash": "290683506610434064182548965051157555946",
"length": 418.0
}
},
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "getCustomPrinterIcon"
},
"id": "ASB-A-376462130-685e61a7",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/572633308c9d114387ae88127a38888c2e6d2bd3",
"digest": {
"function_hash": "17249994753077639583033949548719826913",
"length": 409.0
}
},
{
"match_only_versions": [
"13"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java"
},
"id": "ASB-A-376462130-e55d7535",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/572633308c9d114387ae88127a38888c2e6d2bd3",
"digest": {
"line_hashes": [
"292900562621289740165420360404681557470",
"254099383506272289078753119801457610562",
"8382420818903945909209296020667851894",
"129683185035301515800774035555900214112",
"144560406316237555514227971642960103123",
"121105015756870451983729303139400869049",
"12269312763036055637149775830685397506",
"51811925028379738733337479477147646550",
"49500282240160882735559372883360427948",
"319036711419564305351481126382329700162",
"22661505689850662044910177952232580203",
"145885833340027824153593893073583880482",
"117468171825901057644599160768166851910",
"62742841881505187972688201711196593492",
"74461250732356118188887879969476741519",
"137670604389648603397218284702580283826",
"208874961437982392320854375011095638438",
"9691820914408264737673435619125331401",
"248831598884452038878466996390314643165",
"339088883008861142350381993397367025083",
"165229237223858835770527078230508195854",
"43693651672511506419582617180681485734",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
}
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6bc3fb05b7ad52345356536a1c6a1d6c3d9f4358"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"14"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java"
},
"id": "ASB-A-376462130-1d8b81ac",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc3fb05b7ad52345356536a1c6a1d6c3d9f4358",
"digest": {
"line_hashes": [
"292900562621289740165420360404681557470",
"254099383506272289078753119801457610562",
"8382420818903945909209296020667851894",
"129683185035301515800774035555900214112",
"144560406316237555514227971642960103123",
"121105015756870451983729303139400869049",
"12269312763036055637149775830685397506",
"51811925028379738733337479477147646550",
"49500282240160882735559372883360427948",
"319036711419564305351481126382329700162",
"22661505689850662044910177952232580203",
"145885833340027824153593893073583880482",
"117468171825901057644599160768166851910",
"62742841881505187972688201711196593492",
"74461250732356118188887879969476741519",
"137670604389648603397218284702580283826",
"208874961437982392320854375011095638438",
"9691820914408264737673435619125331401",
"248831598884452038878466996390314643165",
"339088883008861142350381993397367025083",
"165229237223858835770527078230508195854",
"43693651672511506419582617180681485734",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
}
},
{
"match_only_versions": [
"14"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "validateIconUserBoundary"
},
"id": "ASB-A-376462130-3fa35c98",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc3fb05b7ad52345356536a1c6a1d6c3d9f4358",
"digest": {
"function_hash": "290683506610434064182548965051157555946",
"length": 418.0
}
},
{
"match_only_versions": [
"14"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/print/java/com/android/server/print/PrintManagerService.java",
"function": "getCustomPrinterIcon"
},
"id": "ASB-A-376462130-89748572",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc3fb05b7ad52345356536a1c6a1d6c3d9f4358",
"digest": {
"function_hash": "17249994753077639583033949548719826913",
"length": 409.0
}
}
],
"severity": "High"
}