ASB-A-378900798
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-378900798.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-378900798
- Aliases
-
- A-378900798
- CVE-2025-22434
- Published
- 2025-04-01T00:00:00Z
- Modified
- 2026-04-24T15:37:38.793646Z
- Summary
- [none]
- Details
-
In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"28959012149391887303789223419682196407",
"215127324013538836164832943935517447144",
"122346560820462425574650886488120941592",
"141147856498508908974573375085630678132",
"82978871960677067790497560000903917110",
"318962236996577307363230580472724364961",
"310334583965931542305255613790248446481",
"240426481127596124219141509960202155400"
]
},
"id": "ASB-A-378900798-71cbfaba",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d615298466085c4a88c6733804160e0c1ee7e31e",
"target": {
"file": "services/tests/wmtests/src/com/android/server/policy/TestPhoneWindowManager.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"5828766274388516397566572745948822464",
"124632940938700056805077162839905099998",
"182912203242445935183955433600191947697",
"201858365207918023506002747891858575986",
"200726031119648814314848430492283690579",
"18898144419850499145640303968815291890",
"201253257454322719274508933938236405084",
"241777363525423794927680092799825515398",
"205707680570418314863727179338086639768",
"425236404571181564445548470422597295",
"148633512413854456895346780016781149739",
"284075078948593042391195242283249550160",
"192022396674133910526800760553630864562",
"39727040980124287229594313204547240278",
"221623086975130625870752093029597776387",
"80707218644163245194688901665023341486",
"242871270962377328135490985862290695100",
"73043268094597511653556206109848195832",
"326174678286568785741864515931416712752",
"37760316796022335458527079684903795326",
"4215683018465675134115717880758973220",
"145307013262920037754817676949053726931",
"108500933277267243668883735296037446108",
"105885099068052262622092640624525478891",
"219112832347519433113877361761481251523"
]
},
"id": "ASB-A-378900798-909dada6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d615298466085c4a88c6733804160e0c1ee7e31e",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"length": 12701.0,
"function_hash": "66523745031589451048016083060354495390"
},
"id": "ASB-A-378900798-9efc74fe",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d615298466085c4a88c6733804160e0c1ee7e31e",
"target": {
"function": "interceptSystemKeysAndShortcutsOld",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"length": 5646.0,
"function_hash": "174129089617097500984247160286301691920"
},
"id": "ASB-A-378900798-f740cbeb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d615298466085c4a88c6733804160e0c1ee7e31e",
"target": {
"function": "handleKeyGestureEvent",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d615298466085c4a88c6733804160e0c1ee7e31e"
],
"types": [
"EoP"
],
"spl": "2025-04-01",
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 11747.0,
"function_hash": "281206938812453495773924118125475532002"
},
"id": "ASB-A-378900798-3e00b245",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e4d483a2ef99a71c6fcd6ad2e6c2f8f88ba380f4",
"target": {
"function": "interceptSystemKeysAndShortcuts",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"5828766274388516397566572745948822464",
"124632940938700056805077162839905099998",
"185055474619527747241625598921442687391",
"322705238235269899514175635159589048835"
]
},
"id": "ASB-A-378900798-4a044bb8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e4d483a2ef99a71c6fcd6ad2e6c2f8f88ba380f4",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e4d483a2ef99a71c6fcd6ad2e6c2f8f88ba380f4"
],
"types": [
"EoP"
],
"spl": "2025-04-01",
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 9261.0,
"function_hash": "310739601641574088625821270794126574556"
},
"id": "ASB-A-378900798-d7dc3cd8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4eeb65a1f685f4bb6d5288b8e67ef92faf2cfeb4",
"target": {
"function": "interceptKeyBeforeDispatching",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"297821185608581471747983514677418212304",
"241564979252892164497298041986132519504",
"22612875316046615395319571399059617069",
"235875679742249690051929597598037858457"
]
},
"id": "ASB-A-378900798-e56a5138",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4eeb65a1f685f4bb6d5288b8e67ef92faf2cfeb4",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/4eeb65a1f685f4bb6d5288b8e67ef92faf2cfeb4"
],
"types": [
"EoP"
],
"spl": "2025-04-01",
"severity": "High"
}