ASB-A-383080440
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-383080440.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-383080440
- Aliases
-
- A-383080440
- CVE-2025-26452
- Published
- 2025-06-01T00:00:00Z
- Modified
- 2025-06-26T14:51:18.212593Z
- Summary
- [none]
- Details
-
In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"16-next"
],
"digest": {
"length": 128.0,
"function_hash": "302366377958737841105826066030451941814"
},
"id": "ASB-A-383080440-6dec3b90",
"source": "https://android.googlesource.com/platform/frameworks/base/+/12e49e7a4e56df4dce97f80051063f45e8366329",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/ResourcesManager.java",
"function": "overlayPathToIdmapPath"
},
"signature_type": "Function"
},
{
"digest": {
"length": 2147.0,
"function_hash": "170737210148046765503868115839854607973"
},
"id": "ASB-A-383080440-ec5fc01d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/12e49e7a4e56df4dce97f80051063f45e8366329",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/content/res/ResourcesImpl.java",
"function": "loadDrawableForCookie"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"278612898363312133116596281562306632680",
"127752595642084618430372120396150799618",
"111349714115363387205197335069424543158",
"287343744169020493158913040420744318003",
"59587149499950042942530243573511868237",
"171055740057872187214972475201041343310",
"108674448048338131290289547941634429018",
"175953075435211722100163960562646964412"
]
},
"id": "ASB-A-383080440-f8902f93",
"source": "https://android.googlesource.com/platform/frameworks/base/+/12e49e7a4e56df4dce97f80051063f45e8366329",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/ResourcesManager.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"278137568367005064522073939807701354465",
"136516853288694642942077550319910692589",
"111161983671489352532935922247924486040",
"335172869098211592555544281669138186096",
"253022262588738185990163276230521945769",
"19833683735931779814117961250965352658",
"132195445436402799784144644215127859352",
"339586214599977275303256476415713255829",
"40547039475665745567004202107322798247",
"313956323210299805317391394912630880758",
"58080783549927857446827593027643735772",
"196940782235051198726391733068278746997"
]
},
"id": "ASB-A-383080440-fc69b56e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/12e49e7a4e56df4dce97f80051063f45e8366329",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/content/res/ResourcesImpl.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/12e49e7a4e56df4dce97f80051063f45e8366329"
],
"spl": "2025-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 2147.0,
"function_hash": "170737210148046765503868115839854607973"
},
"id": "ASB-A-383080440-5f1d76d5",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2de1592713696d56d160b14959ddf1fadfa256bf",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/content/res/ResourcesImpl.java",
"function": "loadDrawableForCookie"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"15"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"334638622433126471067189111576476221856",
"223151087782806112667992992784696869956",
"219501797107295260289399189271964702260",
"290188987086763958324837165201410355981",
"59587149499950042942530243573511868237",
"171055740057872187214972475201041343310",
"133230678999781434348425027764230835917",
"339585079440473761590071588723514971541"
]
},
"id": "ASB-A-383080440-7410b02e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2de1592713696d56d160b14959ddf1fadfa256bf",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/ResourcesManager.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"15"
],
"digest": {
"length": 128.0,
"function_hash": "302366377958737841105826066030451941814"
},
"id": "ASB-A-383080440-b3258812",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2de1592713696d56d160b14959ddf1fadfa256bf",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/ResourcesManager.java",
"function": "overlayPathToIdmapPath"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"278137568367005064522073939807701354465",
"136516853288694642942077550319910692589",
"111161983671489352532935922247924486040",
"335172869098211592555544281669138186096",
"253022262588738185990163276230521945769",
"19833683735931779814117961250965352658",
"132195445436402799784144644215127859352",
"339586214599977275303256476415713255829",
"40547039475665745567004202107322798247",
"313956323210299805317391394912630880758",
"58080783549927857446827593027643735772",
"196940782235051198726391733068278746997"
]
},
"id": "ASB-A-383080440-d4192103",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2de1592713696d56d160b14959ddf1fadfa256bf",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/content/res/ResourcesImpl.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2de1592713696d56d160b14959ddf1fadfa256bf"
],
"spl": "2025-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"14"
],
"digest": {
"length": 128.0,
"function_hash": "302366377958737841105826066030451941814"
},
"id": "ASB-A-383080440-0c47eac1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ff8b4aef08bbc1e84af35404846026eca3cbd5c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/ResourcesManager.java",
"function": "overlayPathToIdmapPath"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"193538695188391609517026744151731390407",
"293402991944039278828489530765797128211",
"272540874156039003051819665366724482245",
"156411806556529448444656332384462532491",
"278137568367005064522073939807701354465",
"136516853288694642942077550319910692589",
"111161983671489352532935922247924486040",
"335172869098211592555544281669138186096",
"253022262588738185990163276230521945769",
"19833683735931779814117961250965352658",
"132195445436402799784144644215127859352",
"339586214599977275303256476415713255829",
"40547039475665745567004202107322798247",
"313956323210299805317391394912630880758",
"58080783549927857446827593027643735772",
"196940782235051198726391733068278746997"
]
},
"id": "ASB-A-383080440-46a9558c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ff8b4aef08bbc1e84af35404846026eca3cbd5c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/content/res/ResourcesImpl.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 2147.0,
"function_hash": "170737210148046765503868115839854607973"
},
"id": "ASB-A-383080440-5805259c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ff8b4aef08bbc1e84af35404846026eca3cbd5c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/content/res/ResourcesImpl.java",
"function": "loadDrawableForCookie"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"14"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"334638622433126471067189111576476221856",
"223151087782806112667992992784696869956",
"219501797107295260289399189271964702260",
"290188987086763958324837165201410355981",
"59587149499950042942530243573511868237",
"171055740057872187214972475201041343310",
"133230678999781434348425027764230835917",
"339585079440473761590071588723514971541"
]
},
"id": "ASB-A-383080440-bd181f67",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ff8b4aef08bbc1e84af35404846026eca3cbd5c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/ResourcesManager.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2ff8b4aef08bbc1e84af35404846026eca3cbd5c"
],
"spl": "2025-06-01",
"severity": "High",
"types": [
"EoP"
]
}