ASB-A-379695596
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-379695596.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-379695596
- Aliases
-
- A-379695596
- CVE-2026-0010
- Published
- 2026-03-01T00:00:00Z
- Modified
- 2026-03-02T17:41:32.926854Z
- Summary
- [none]
- Details
-
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/av
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/358b3457706b53f63ea10e9905e953e2c9c37f31"
],
"severity": "High",
"spl": "2026-03-01",
"vanir_signatures": [
{
"target": {
"file": "drm/common/IDrmManagerService.cpp",
"function": "BnDrmManagerService::onTransact"
},
"digest": {
"length": 18206.0,
"function_hash": "254484530803293232433988124470089576972"
},
"signature_type": "Function",
"id": "ASB-A-379695596-2da73c8a",
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/358b3457706b53f63ea10e9905e953e2c9c37f31",
"match_only_versions": [
"16-qpr2-next"
]
},
{
"target": {
"file": "drm/common/IDrmManagerService.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"193005296291010323106917966324247588790",
"294466828348999483103759003124382967705",
"87468087055771253729697964708624710120",
"64567366025305510261695894161190484659",
"275190152303307488874954423272887243061",
"114712313609923601026331383590958799121",
"219516882649605358681653722298635745789"
]
},
"signature_type": "Line",
"id": "ASB-A-379695596-df82e5a4",
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/358b3457706b53f63ea10e9905e953e2c9c37f31",
"match_only_versions": [
"16-qpr2-next"
]
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/7c5d19a1ae1f6762e2b52372a64d161fea6195fa"
],
"severity": "High",
"spl": "2026-03-01",
"vanir_signatures": [
{
"target": {
"file": "drm/common/IDrmManagerService.cpp",
"function": "BnDrmManagerService::onTransact"
},
"digest": {
"length": 18206.0,
"function_hash": "254484530803293232433988124470089576972"
},
"signature_type": "Function",
"id": "ASB-A-379695596-933de1cd",
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/7c5d19a1ae1f6762e2b52372a64d161fea6195fa",
"match_only_versions": [
"15"
]
},
{
"target": {
"file": "drm/common/IDrmManagerService.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"193005296291010323106917966324247588790",
"294466828348999483103759003124382967705",
"87468087055771253729697964708624710120",
"64567366025305510261695894161190484659",
"275190152303307488874954423272887243061",
"114712313609923601026331383590958799121",
"219516882649605358681653722298635745789"
]
},
"signature_type": "Line",
"id": "ASB-A-379695596-d4d47418",
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/7c5d19a1ae1f6762e2b52372a64d161fea6195fa",
"match_only_versions": [
"15"
]
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/5dd95d00af9a58840fd842b75fc0876dc356d917"
],
"severity": "High",
"spl": "2026-03-01",
"vanir_signatures": [
{
"target": {
"file": "drm/common/IDrmManagerService.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"193005296291010323106917966324247588790",
"294466828348999483103759003124382967705",
"87468087055771253729697964708624710120",
"64567366025305510261695894161190484659",
"275190152303307488874954423272887243061",
"114712313609923601026331383590958799121",
"219516882649605358681653722298635745789"
]
},
"signature_type": "Line",
"id": "ASB-A-379695596-5acd6e01",
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/5dd95d00af9a58840fd842b75fc0876dc356d917",
"match_only_versions": [
"16"
]
},
{
"target": {
"file": "drm/common/IDrmManagerService.cpp",
"function": "BnDrmManagerService::onTransact"
},
"digest": {
"length": 18206.0,
"function_hash": "254484530803293232433988124470089576972"
},
"signature_type": "Function",
"id": "ASB-A-379695596-de534b22",
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/5dd95d00af9a58840fd842b75fc0876dc356d917",
"match_only_versions": [
"16"
]
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/8e588440e4b5bc982e6906b547c204a7d4282c16"
],
"severity": "High",
"spl": "2026-03-01",
"vanir_signatures": [
{
"target": {
"file": "drm/common/IDrmManagerService.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"193005296291010323106917966324247588790",
"294466828348999483103759003124382967705",
"87468087055771253729697964708624710120",
"64567366025305510261695894161190484659",
"275190152303307488874954423272887243061",
"114712313609923601026331383590958799121",
"219516882649605358681653722298635745789"
]
},
"signature_type": "Line",
"id": "ASB-A-379695596-16b20d5f",
"deprecated": false,
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/8e588440e4b5bc982e6906b547c204a7d4282c16",
"match_only_versions": [
"14"
]
},
{
"id": "ASB-A-379695596-a1ab5b03",
"digest": {
"length": 18209.0,
"function_hash": "150644367776923948850731846212645917637"
},
"signature_type": "Function",
"target": {
"file": "drm/common/IDrmManagerService.cpp",
"function": "BnDrmManagerService::onTransact"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/8e588440e4b5bc982e6906b547c204a7d4282c16",
"deprecated": false
}
],
"types": [
"EoP"
]
}