ASB-A-382064697

Import Source
https://storage.googleapis.com/android-osv/ASB-A-382064697.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-382064697
Aliases
  • A-382064697
  • CVE-2025-22442
Published
2025-04-01T00:00:00Z
Modified
2025-10-16T15:26:20.871763Z
Summary
[none]
Details

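In multiple functions of DevicePolicyManagerService.java, a race condition makes it possible to install unauthorized applications into a newly created work profile. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Per the affected ranges below, the issue is fixed at security patch level 2025-04-01 for Android 13, 14, 15 and 15-next. The listed signatures also target services/core/java/com/android/server/pm/UserRestrictionsUtils.java, so the fix commits appear to touch that file as well as the one named above.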

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-04-01

Affected versions

Other

15-next

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/73b54cdf4b70831c4f952d7556274609cb46214e"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserRestrictionsUtils.java"
            },
            "id": "ASB-A-382064697-4a117887",
            "digest": {
                "line_hashes": [
                    "174228757297823701920680957584731676623",
                    "166053393031591928948773641824388247265",
                    "9990876026229777043179608973513179347",
                    "106701537664105913920276549471934026419"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/73b54cdf4b70831c4f952d7556274609cb46214e"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "maybeSetDefaultRestrictionsForAdminLocked"
            },
            "id": "ASB-A-382064697-57662703",
            "digest": {
                "length": 585.0,
                "function_hash": "43705205980507122883841721036154879849"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/73b54cdf4b70831c4f952d7556274609cb46214e"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
            },
            "id": "ASB-A-382064697-5e07e35b",
            "digest": {
                "line_hashes": [
                    "211601366272437661702297477758595127233",
                    "301647004348719132627837136196104149432",
                    "171651002856259250430475358606164368881",
                    "75860860137678555008779187628510043152",
                    "209012513319277403194127929833174849709",
                    "259585910838315443098635112997050882773",
                    "116250089348093595036040322505212825642",
                    "309109170120678965827502837765623948383",
                    "258442153241993590594655303302790217479",
                    "153269852780798303387034453402776492980",
                    "313330816297560210036813979477794096851",
                    "135697686923970732804020943249493012377",
                    "226367982520377085424516939470711875624",
                    "49774658792218453547861132852751678997",
                    "221489397448192158586721076801650424095",
                    "94776618913450816050629701049683028700",
                    "81629392541359886776958493542756584125",
                    "78695932896753832658305982620015855507",
                    "291583578611445269561935557909942464728",
                    "296503738037062459419108238187145530940",
                    "158514294911809061231287391213728583404",
                    "98287820103712727010314192052204609374",
                    "292147122359403623709237959488040430438",
                    "178534460224201609432423572120631853230",
                    "23275847615953170536064997547282817108",
                    "247759875458591983770200823479184769243"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/73b54cdf4b70831c4f952d7556274609cb46214e"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "setProfileOwner"
            },
            "id": "ASB-A-382064697-aeab8a6f",
            "digest": {
                "length": 1689.0,
                "function_hash": "193661644486428553974174657300114049996"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/73b54cdf4b70831c4f952d7556274609cb46214e"
        }
    ],
    "spl": "2025-04-01"
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-04-01

Affected versions

Other

15

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a44611648b44ceee8e2337dfba92398475c72602"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "maybeSetDefaultRestrictionsForAdminLocked"
            },
            "id": "ASB-A-382064697-44017203",
            "digest": {
                "length": 585.0,
                "function_hash": "43705205980507122883841721036154879849"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a44611648b44ceee8e2337dfba92398475c72602"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
            },
            "id": "ASB-A-382064697-82af94a6",
            "digest": {
                "line_hashes": [
                    "211601366272437661702297477758595127233",
                    "301647004348719132627837136196104149432",
                    "171651002856259250430475358606164368881",
                    "75860860137678555008779187628510043152",
                    "209012513319277403194127929833174849709",
                    "259585910838315443098635112997050882773",
                    "116250089348093595036040322505212825642",
                    "309109170120678965827502837765623948383",
                    "258442153241993590594655303302790217479",
                    "153269852780798303387034453402776492980",
                    "226367982520377085424516939470711875624",
                    "49774658792218453547861132852751678997",
                    "221489397448192158586721076801650424095",
                    "94776618913450816050629701049683028700",
                    "81629392541359886776958493542756584125",
                    "78695932896753832658305982620015855507",
                    "291583578611445269561935557909942464728",
                    "296503738037062459419108238187145530940",
                    "158514294911809061231287391213728583404",
                    "98287820103712727010314192052204609374",
                    "158005560851213027205094130665553963515",
                    "292147122359403623709237959488040430438",
                    "178534460224201609432423572120631853230",
                    "23275847615953170536064997547282817108",
                    "317329749179854947103627529056427991213",
                    "30843884384107971596093652099174749351",
                    "83186519832807817036239290864287224999",
                    "88111248641408989997727808645549706619",
                    "105135349804760838859480469610730392589",
                    "214581546429340174269340982897025786731",
                    "12187984363723189465463342294546725804",
                    "270333302221302137678939208514218429899",
                    "180839746610351261037055012321275883736"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a44611648b44ceee8e2337dfba92398475c72602"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "setProfileOwner"
            },
            "id": "ASB-A-382064697-d695f481",
            "digest": {
                "length": 1689.0,
                "function_hash": "193661644486428553974174657300114049996"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a44611648b44ceee8e2337dfba92398475c72602"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserRestrictionsUtils.java"
            },
            "id": "ASB-A-382064697-dd1f232c",
            "digest": {
                "line_hashes": [
                    "174228757297823701920680957584731676623",
                    "166053393031591928948773641824388247265",
                    "9990876026229777043179608973513179347",
                    "106701537664105913920276549471934026419"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a44611648b44ceee8e2337dfba92398475c72602"
        }
    ],
    "spl": "2025-04-01"
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-04-01

Affected versions

Other

13

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3298a1c9eb899d02e532f5dcf88904640a626dcd"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserRestrictionsUtils.java"
            },
            "id": "ASB-A-382064697-62395ba2",
            "digest": {
                "line_hashes": [
                    "174740854798690214126788789090856177660",
                    "166053393031591928948773641824388247265",
                    "9990876026229777043179608973513179347",
                    "106701537664105913920276549471934026419"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3298a1c9eb899d02e532f5dcf88904640a626dcd"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "setProfileOwner"
            },
            "id": "ASB-A-382064697-827d78b2",
            "digest": {
                "length": 1750.0,
                "function_hash": "256915122483112032631842963060505819517"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3298a1c9eb899d02e532f5dcf88904640a626dcd"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
            },
            "id": "ASB-A-382064697-d09efdca",
            "digest": {
                "line_hashes": [
                    "291583578611445269561935557909942464728",
                    "296503738037062459419108238187145530940",
                    "158514294911809061231287391213728583404",
                    "98287820103712727010314192052204609374",
                    "178116190491935801741022538980948668131",
                    "3632709971270381768446466391988682670",
                    "178534460224201609432423572120631853230",
                    "23275847615953170536064997547282817108"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3298a1c9eb899d02e532f5dcf88904640a626dcd"
        }
    ],
    "spl": "2025-04-01"
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-04-01

Affected versions

Other

14

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3461e84908b46b6fe82ac391d43a43f23c0b1d3e"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserRestrictionsUtils.java"
            },
            "id": "ASB-A-382064697-33acc0e9",
            "digest": {
                "line_hashes": [
                    "174740854798690214126788789090856177660",
                    "166053393031591928948773641824388247265",
                    "9990876026229777043179608973513179347",
                    "106701537664105913920276549471934026419"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3461e84908b46b6fe82ac391d43a43f23c0b1d3e"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "setProfileOwner"
            },
            "id": "ASB-A-382064697-3ec545f4",
            "digest": {
                "length": 1689.0,
                "function_hash": "193661644486428553974174657300114049996"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3461e84908b46b6fe82ac391d43a43f23c0b1d3e"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "maybeSetDefaultRestrictionsForAdminLocked"
            },
            "id": "ASB-A-382064697-aa178968",
            "digest": {
                "length": 1316.0,
                "function_hash": "231660579289647503963139516182423864106"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3461e84908b46b6fe82ac391d43a43f23c0b1d3e"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
            },
            "id": "ASB-A-382064697-c1993316",
            "digest": {
                "line_hashes": [
                    "301647004348719132627837136196104149432",
                    "171651002856259250430475358606164368881",
                    "75860860137678555008779187628510043152",
                    "209012513319277403194127929833174849709",
                    "259585910838315443098635112997050882773",
                    "281673096974574409275494803355379365347",
                    "251952504042566247092865509184528434718",
                    "120874203442128454828331778972329819460",
                    "203772879959230802723164153469157948810",
                    "153269852780798303387034453402776492980",
                    "226367982520377085424516939470711875624",
                    "65795926874887476572601771324829416483",
                    "221489397448192158586721076801650424095",
                    "84903153805957041935943271536524479521",
                    "332602434432119254089007118279801820936",
                    "276335132352405047764515656095674093426",
                    "285344466011992154265502619542567011058",
                    "102247363442575667089891064398912569622",
                    "111827409839927081348565152396669612853",
                    "268425307930606534682239213148938084056",
                    "156920063840151877829729948034638804812",
                    "106100840107326956602525444232617607783",
                    "148512609280788871275438295900427547516",
                    "173055917130650995473912102069013677141",
                    "295771643638861572748672039150242344628",
                    "170133949688991512311164554674369529633",
                    "196626601298104855230068356905273387024",
                    "244641413697832512691357152282064653269",
                    "128410809801738803618807358728397606414",
                    "335166751759765342455922530471990183597",
                    "330931133275299300028110130367029032294",
                    "14659523756819756017716944910770339987",
                    "38658485857823243395279310013116591744",
                    "291583578611445269561935557909942464728",
                    "296503738037062459419108238187145530940",
                    "158514294911809061231287391213728583404",
                    "98287820103712727010314192052204609374",
                    "158005560851213027205094130665553963515",
                    "292147122359403623709237959488040430438",
                    "178534460224201609432423572120631853230",
                    "23275847615953170536064997547282817108",
                    "247759875458591983770200823479184769243",
                    "317329749179854947103627529056427991213",
                    "30843884384107971596093652099174749351",
                    "83186519832807817036239290864287224999",
                    "88111248641408989997727808645549706619",
                    "105135349804760838859480469610730392589",
                    "214581546429340174269340982897025786731",
                    "12187984363723189465463342294546725804",
                    "270333302221302137678939208514218429899",
                    "180839746610351261037055012321275883736"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3461e84908b46b6fe82ac391d43a43f23c0b1d3e"
        }
    ],
    "spl": "2025-04-01"
}