ASB-A-376674080
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-376674080.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-376674080
- Aliases
-
- A-376674080
- CVE-2025-22433
- Published
- 2025-04-01T00:00:00Z
- Modified
- 2026-03-14T08:46:41.588077Z
- Summary
- [none]
- Details
-
In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/fc28861349e0113f807016501da3e1fd963b59fa"
],
"spl": "2025-04-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/fc28861349e0113f807016501da3e1fd963b59fa",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-5a5af4cc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"272315054766198977916998930362022766053",
"94956721638095595850440073916332571735",
"127596389950424241640852283854762328154",
"243808298363554650561914272829004564498",
"199318695082334660464065629614507436500",
"299251961005239740638893050973849176132",
"10966957274687876772395222551899636367",
"276143734316442551958971600813475721203",
"263657997376155031032916391809999356723",
"72144443615725659871105720073871114446",
"88077631052219947331781770417701950988",
"300140350644534793015382703814776008099",
"138547647886972503897567949414915895995",
"79741327705778124304482318083673691085",
"209419542000255431776790382986286263148",
"211485149562841275220965133536631100963",
"300485467481564919328871885355990303345",
"208289588266555547266947410577946680659",
"247314716390191501993732026413412066727",
"9770131127017789453360984133966400777",
"127862845237712349766911072431323508241"
]
},
"signature_type": "Line",
"target": {
"file": "core/java/com/android/internal/app/IntentForwarderActivity.java"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/fc28861349e0113f807016501da3e1fd963b59fa",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-d8496c22",
"digest": {
"length": 657.0,
"function_hash": "131413870335382542287166952459432923646"
},
"signature_type": "Function",
"target": {
"file": "core/java/com/android/internal/app/IntentForwarderActivity.java",
"function": "canForward"
}
}
],
"severity": "High"
}platform/packages/modules/IntentResolver
Package
- Name
- platform/packages/modules/IntentResolver
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/IntentResolver/+/85ef51a7a91de0e51dd65ce5f09badcd96835817"
],
"spl": "2025-04-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/85ef51a7a91de0e51dd65ce5f09badcd96835817",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-40dc016e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"328030011589212845854843766181597588114",
"333094098340023844159921317985294671543",
"103061102945199891807860596233073316040",
"150191108184453091537282361825177813082",
"127017662009333721572346603798343021863",
"272315054766198977916998930362022766053",
"94956721638095595850440073916332571735",
"127596389950424241640852283854762328154",
"243808298363554650561914272829004564498",
"199318695082334660464065629614507436500",
"299251961005239740638893050973849176132",
"10966957274687876772395222551899636367",
"276143734316442551958971600813475721203",
"263657997376155031032916391809999356723",
"72144443615725659871105720073871114446",
"88077631052219947331781770417701950988",
"300140350644534793015382703814776008099",
"138547647886972503897567949414915895995",
"79741327705778124304482318083673691085",
"209419542000255431776790382986286263148",
"211485149562841275220965133536631100963",
"300485467481564919328871885355990303345",
"208289588266555547266947410577946680659",
"247314716390191501993732026413412066727",
"233612059339910635268808719044171150309",
"287896775564034518270885371971392160289"
]
},
"signature_type": "Line",
"target": {
"file": "java/src/com/android/intentresolver/IntentForwarderActivity.java"
}
},
{
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/85ef51a7a91de0e51dd65ce5f09badcd96835817",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-923ed9ad",
"digest": {
"length": 657.0,
"function_hash": "131413870335382542287166952459432923646"
},
"signature_type": "Function",
"target": {
"file": "java/src/com/android/intentresolver/IntentForwarderActivity.java",
"function": "canForward"
}
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/dc7e4fffc58d535c6eaba6c382c8c89e35136389"
],
"spl": "2025-04-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7e4fffc58d535c6eaba6c382c8c89e35136389",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-1ade4d6f",
"digest": {
"length": 657.0,
"function_hash": "131413870335382542287166952459432923646"
},
"signature_type": "Function",
"target": {
"file": "core/java/com/android/internal/app/IntentForwarderActivity.java",
"function": "canForward"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7e4fffc58d535c6eaba6c382c8c89e35136389",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-59bc1f90",
"digest": {
"threshold": 0.9,
"line_hashes": [
"272315054766198977916998930362022766053",
"94956721638095595850440073916332571735",
"127596389950424241640852283854762328154",
"243808298363554650561914272829004564498",
"199318695082334660464065629614507436500",
"299251961005239740638893050973849176132",
"10966957274687876772395222551899636367",
"276143734316442551958971600813475721203",
"263657997376155031032916391809999356723",
"72144443615725659871105720073871114446",
"88077631052219947331781770417701950988",
"300140350644534793015382703814776008099",
"138547647886972503897567949414915895995",
"79741327705778124304482318083673691085",
"209419542000255431776790382986286263148",
"211485149562841275220965133536631100963",
"300485467481564919328871885355990303345",
"208289588266555547266947410577946680659",
"247314716390191501993732026413412066727",
"9770131127017789453360984133966400777",
"127862845237712349766911072431323508241"
]
},
"signature_type": "Line",
"target": {
"file": "core/java/com/android/internal/app/IntentForwarderActivity.java"
}
}
],
"severity": "High"
}platform/packages/modules/IntentResolver
Package
- Name
- platform/packages/modules/IntentResolver
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/IntentResolver/+/d2eb1140ed9538f9a8b02f624740c685987bdbac"
],
"spl": "2025-04-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/d2eb1140ed9538f9a8b02f624740c685987bdbac",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-00f01448",
"digest": {
"length": 657.0,
"function_hash": "131413870335382542287166952459432923646"
},
"signature_type": "Function",
"target": {
"file": "java/src/com/android/intentresolver/IntentForwarderActivity.java",
"function": "canForward"
}
},
{
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/d2eb1140ed9538f9a8b02f624740c685987bdbac",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-53d25f9d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"328030011589212845854843766181597588114",
"333094098340023844159921317985294671543",
"103061102945199891807860596233073316040",
"150191108184453091537282361825177813082",
"127017662009333721572346603798343021863",
"272315054766198977916998930362022766053",
"94956721638095595850440073916332571735",
"127596389950424241640852283854762328154",
"243808298363554650561914272829004564498",
"199318695082334660464065629614507436500",
"299251961005239740638893050973849176132",
"10966957274687876772395222551899636367",
"276143734316442551958971600813475721203",
"263657997376155031032916391809999356723",
"72144443615725659871105720073871114446",
"88077631052219947331781770417701950988",
"300140350644534793015382703814776008099",
"138547647886972503897567949414915895995",
"79741327705778124304482318083673691085",
"209419542000255431776790382986286263148",
"211485149562841275220965133536631100963",
"300485467481564919328871885355990303345",
"208289588266555547266947410577946680659",
"247314716390191501993732026413412066727",
"233612059339910635268808719044171150309",
"287896775564034518270885371971392160289"
]
},
"signature_type": "Line",
"target": {
"file": "java/src/com/android/intentresolver/IntentForwarderActivity.java"
}
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/15bfe7f3f1a495341cb54fd5f32cb89555ebcc2a"
],
"spl": "2025-04-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/15bfe7f3f1a495341cb54fd5f32cb89555ebcc2a",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-08904f41",
"digest": {
"threshold": 0.9,
"line_hashes": [
"272315054766198977916998930362022766053",
"94956721638095595850440073916332571735",
"127596389950424241640852283854762328154",
"243808298363554650561914272829004564498",
"199318695082334660464065629614507436500",
"299251961005239740638893050973849176132",
"10966957274687876772395222551899636367",
"276143734316442551958971600813475721203",
"263657997376155031032916391809999356723",
"72144443615725659871105720073871114446",
"88077631052219947331781770417701950988",
"300140350644534793015382703814776008099",
"138547647886972503897567949414915895995",
"79741327705778124304482318083673691085",
"209419542000255431776790382986286263148",
"211485149562841275220965133536631100963",
"300485467481564919328871885355990303345",
"208289588266555547266947410577946680659",
"247314716390191501993732026413412066727",
"233612059339910635268808719044171150309",
"287896775564034518270885371971392160289"
]
},
"signature_type": "Line",
"target": {
"file": "core/java/com/android/internal/app/IntentForwarderActivity.java"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/15bfe7f3f1a495341cb54fd5f32cb89555ebcc2a",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-199579ab",
"digest": {
"length": 657.0,
"function_hash": "131413870335382542287166952459432923646"
},
"signature_type": "Function",
"target": {
"file": "core/java/com/android/internal/app/IntentForwarderActivity.java",
"function": "canForward"
}
}
],
"severity": "High"
}platform/packages/modules/IntentResolver
Package
- Name
- platform/packages/modules/IntentResolver
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/IntentResolver/+/a8dcd86bb23f693772d1a5203828ce1b9b5d3cdf"
],
"spl": "2025-04-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/a8dcd86bb23f693772d1a5203828ce1b9b5d3cdf",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-0919e469",
"digest": {
"length": 657.0,
"function_hash": "131413870335382542287166952459432923646"
},
"signature_type": "Function",
"target": {
"file": "java/src/com/android/intentresolver/IntentForwarderActivity.java",
"function": "canForward"
}
},
{
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/a8dcd86bb23f693772d1a5203828ce1b9b5d3cdf",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-a205b9de",
"digest": {
"threshold": 0.9,
"line_hashes": [
"168808032716429101154387201939045698516",
"18907033862047412569197256696241508010",
"148858820517830690451795563298360416282",
"173615666830042717532082365758769135127",
"150191108184453091537282361825177813082",
"127017662009333721572346603798343021863",
"272315054766198977916998930362022766053",
"94956721638095595850440073916332571735",
"127596389950424241640852283854762328154",
"243808298363554650561914272829004564498",
"199318695082334660464065629614507436500",
"299251961005239740638893050973849176132",
"10966957274687876772395222551899636367",
"276143734316442551958971600813475721203",
"263657997376155031032916391809999356723",
"72144443615725659871105720073871114446",
"88077631052219947331781770417701950988",
"300140350644534793015382703814776008099",
"138547647886972503897567949414915895995",
"79741327705778124304482318083673691085",
"209419542000255431776790382986286263148",
"211485149562841275220965133536631100963",
"300485467481564919328871885355990303345",
"208289588266555547266947410577946680659",
"247314716390191501993732026413412066727",
"233612059339910635268808719044171150309",
"287896775564034518270885371971392160289"
]
},
"signature_type": "Line",
"target": {
"file": "java/src/com/android/intentresolver/IntentForwarderActivity.java"
}
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/60df29f18d32ddf64f99f1fd5240c879bc12a4ae"
],
"spl": "2025-04-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/60df29f18d32ddf64f99f1fd5240c879bc12a4ae",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-50b5f996",
"digest": {
"length": 657.0,
"function_hash": "131413870335382542287166952459432923646"
},
"signature_type": "Function",
"target": {
"file": "core/java/com/android/internal/app/IntentForwarderActivity.java",
"function": "canForward"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/60df29f18d32ddf64f99f1fd5240c879bc12a4ae",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-7a728706",
"digest": {
"threshold": 0.9,
"line_hashes": [
"272315054766198977916998930362022766053",
"94956721638095595850440073916332571735",
"127596389950424241640852283854762328154",
"243808298363554650561914272829004564498",
"199318695082334660464065629614507436500",
"299251961005239740638893050973849176132",
"10966957274687876772395222551899636367",
"276143734316442551958971600813475721203",
"263657997376155031032916391809999356723",
"72144443615725659871105720073871114446",
"88077631052219947331781770417701950988",
"300140350644534793015382703814776008099",
"138547647886972503897567949414915895995",
"79741327705778124304482318083673691085",
"209419542000255431776790382986286263148",
"211485149562841275220965133536631100963",
"300485467481564919328871885355990303345",
"208289588266555547266947410577946680659",
"247314716390191501993732026413412066727",
"9770131127017789453360984133966400777",
"127862845237712349766911072431323508241"
]
},
"signature_type": "Line",
"target": {
"file": "core/java/com/android/internal/app/IntentForwarderActivity.java"
}
}
],
"severity": "High"
}platform/packages/modules/IntentResolver
Package
- Name
- platform/packages/modules/IntentResolver
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/IntentResolver/+/960e1eaf465efa97ef07bc9d9a24785b1f96eb98"
],
"spl": "2025-04-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/960e1eaf465efa97ef07bc9d9a24785b1f96eb98",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-21748e7d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"168808032716429101154387201939045698516",
"18907033862047412569197256696241508010",
"148858820517830690451795563298360416282",
"173615666830042717532082365758769135127",
"150191108184453091537282361825177813082",
"127017662009333721572346603798343021863",
"272315054766198977916998930362022766053",
"94956721638095595850440073916332571735",
"127596389950424241640852283854762328154",
"243808298363554650561914272829004564498",
"199318695082334660464065629614507436500",
"299251961005239740638893050973849176132",
"10966957274687876772395222551899636367",
"276143734316442551958971600813475721203",
"263657997376155031032916391809999356723",
"72144443615725659871105720073871114446",
"88077631052219947331781770417701950988",
"300140350644534793015382703814776008099",
"138547647886972503897567949414915895995",
"79741327705778124304482318083673691085",
"209419542000255431776790382986286263148",
"211485149562841275220965133536631100963",
"300485467481564919328871885355990303345",
"208289588266555547266947410577946680659",
"247314716390191501993732026413412066727",
"233612059339910635268808719044171150309",
"287896775564034518270885371971392160289"
]
},
"signature_type": "Line",
"target": {
"file": "java/src/com/android/intentresolver/IntentForwarderActivity.java"
}
},
{
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/960e1eaf465efa97ef07bc9d9a24785b1f96eb98",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-376674080-d1697bdc",
"digest": {
"length": 657.0,
"function_hash": "131413870335382542287166952459432923646"
},
"signature_type": "Function",
"target": {
"file": "java/src/com/android/intentresolver/IntentForwarderActivity.java",
"function": "canForward"
}
}
],
"severity": "High"
}