ASB-A-384727394

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-384727394.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-384727394
Aliases
  • A-384727394
  • CVE-2025-48528
Published
2025-09-01T00:00:00Z
Modified
2025-10-13T15:01:54.398779Z
Summary
[none]
Details

In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-next:0
Fixed
16-next:2025-09-01

Affected versions

Other

16-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 956.0,
                "function_hash": "69301699828823724891187928542389067497"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java",
                "function": "showUdfpsOverlay"
            },
            "id": "ASB-A-384727394-62b5aa17",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 800.0,
                "function_hash": "332593243100057279692902577768442988355"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java",
                "function": "getLayoutParams"
            },
            "id": "ASB-A-384727394-675cb61b",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3155.0,
                "function_hash": "316586920930916737287289716637898606439"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java",
                "function": "UdfpsController"
            },
            "id": "ASB-A-384727394-75be1942",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "10683005620314396847310811769687630384",
                    "163790618875576043912509106561576039462",
                    "194317204552682116711483485279934712733",
                    "222450927402315196400171784608777330045"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
            },
            "id": "ASB-A-384727394-82c9b74f",
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "266903516084921326911442738138616380188",
                    "165942496643209102952725870653790667988",
                    "44690985772981978781219549786688046365",
                    "294859059122486576470547524190154404530",
                    "216352195697057715189632258604529450941",
                    "156923680568690848989084063993093988054",
                    "234423477679850712897087047938838275726",
                    "79800938046039531536472113661747311729",
                    "191005977176117953109985619894551636958",
                    "323024142042787881176150282542990210233",
                    "37792234365331431404840823058264106399",
                    "243025914530171688859003580625790969270",
                    "154537546777614112562929901147592246103",
                    "9658019869539598771137392518367044755",
                    "331661852895166690350414378088001025166",
                    "299239962748552208481163095667130255554",
                    "247633217503596357854888552992470052498",
                    "42162167146113767644612741936253336247",
                    "215915712450477873580152616077119360257",
                    "255463280400531355457066443047215144795",
                    "177433948302590336561153650314545706437",
                    "39492150746942544797126724915061225593",
                    "250980115117704618043994825469859365319",
                    "18622724462956156294346786425525592919",
                    "337524639394102383755803865709269776168",
                    "281341535729162572086263689698075653653",
                    "181242236060736724237162494820758127962",
                    "250664085071141483568776230502954664875",
                    "146799950753991865771560649133231976770",
                    "30952201092154501446974486883687837218",
                    "170485211976451326416512146485071510476",
                    "308619932104380222260562891354108017353",
                    "53637563197731141491145478264933992036",
                    "93630378340604475985430027772442822582",
                    "54216784928586912451546386653342262752",
                    "277643822891542876184727218289777397497",
                    "133616244479509086344595475885118252217",
                    "279306171532948885785380592078815180248",
                    "215310272436259419319950559139192121589",
                    "266374154225182438894477606877517514215",
                    "75497755079854535772603337048350296016",
                    "136340940372707114781247467171377714681",
                    "238918898115951034728376932949271013091",
                    "82921456159189922169755025883044763670",
                    "115355358118288917488443942941884834312",
                    "34343066045720112896859997945757391445"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
            },
            "id": "ASB-A-384727394-82dd410f",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 878.0,
                "function_hash": "329422496681991091346208342763543592668"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java",
                "function": "showUdfpsOverlay"
            },
            "id": "ASB-A-384727394-ee71ee68",
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a"
    ],
    "spl": "2025-09-01"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-09-01

Affected versions

Other

15

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29193109854917669027885757101816595185",
                    "152201149347497538027660628101749814406",
                    "231206855784135085592323554225631373277",
                    "85306533525560171598560081189593683190",
                    "105802707243425413756350629447725488999",
                    "251329235619566523546306099007675238838",
                    "335613928613807191564642590059722026865",
                    "278074086080610917502137167153338670943",
                    "119261699085676617890794276551669926723",
                    "10683005620314396847310811769687630384",
                    "163790618875576043912509106561576039462",
                    "194317204552682116711483485279934712733",
                    "222450927402315196400171784608777330045"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8d8f677744d51a894c175d07beead9a31b635d33",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
            },
            "id": "ASB-A-384727394-095723d2",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 772.0,
                "function_hash": "156773066460170964586690322201394581246"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8d8f677744d51a894c175d07beead9a31b635d33",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java",
                "function": "getLayoutParams"
            },
            "id": "ASB-A-384727394-4cde9abb",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1274.0,
                "function_hash": "116553826048209539677740353613512480395"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8d8f677744d51a894c175d07beead9a31b635d33",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java",
                "function": "onAttachedToWindow"
            },
            "id": "ASB-A-384727394-dff2d56e",
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/8d8f677744d51a894c175d07beead9a31b635d33"
    ],
    "spl": "2025-09-01"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-09-01

Affected versions

Other

16

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "10683005620314396847310811769687630384",
                    "163790618875576043912509106561576039462",
                    "194317204552682116711483485279934712733",
                    "222450927402315196400171784608777330045"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
            },
            "id": "ASB-A-384727394-01fd7ef1",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 956.0,
                "function_hash": "69301699828823724891187928542389067497"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java",
                "function": "showUdfpsOverlay"
            },
            "id": "ASB-A-384727394-4b960c73",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 878.0,
                "function_hash": "329422496681991091346208342763543592668"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java",
                "function": "showUdfpsOverlay"
            },
            "id": "ASB-A-384727394-675d4f3c",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "266903516084921326911442738138616380188",
                    "165942496643209102952725870653790667988",
                    "44690985772981978781219549786688046365",
                    "294859059122486576470547524190154404530",
                    "216352195697057715189632258604529450941",
                    "156923680568690848989084063993093988054",
                    "234423477679850712897087047938838275726",
                    "79800938046039531536472113661747311729",
                    "191005977176117953109985619894551636958",
                    "323024142042787881176150282542990210233",
                    "37792234365331431404840823058264106399",
                    "243025914530171688859003580625790969270",
                    "154537546777614112562929901147592246103",
                    "9658019869539598771137392518367044755",
                    "331661852895166690350414378088001025166",
                    "299239962748552208481163095667130255554",
                    "247633217503596357854888552992470052498",
                    "42162167146113767644612741936253336247",
                    "215915712450477873580152616077119360257",
                    "255463280400531355457066443047215144795",
                    "177433948302590336561153650314545706437",
                    "39492150746942544797126724915061225593",
                    "250980115117704618043994825469859365319",
                    "18622724462956156294346786425525592919",
                    "337524639394102383755803865709269776168",
                    "281341535729162572086263689698075653653",
                    "181242236060736724237162494820758127962",
                    "250664085071141483568776230502954664875",
                    "146799950753991865771560649133231976770",
                    "30952201092154501446974486883687837218",
                    "170485211976451326416512146485071510476",
                    "308619932104380222260562891354108017353",
                    "53637563197731141491145478264933992036",
                    "93630378340604475985430027772442822582",
                    "54216784928586912451546386653342262752",
                    "277643822891542876184727218289777397497",
                    "133616244479509086344595475885118252217",
                    "279306171532948885785380592078815180248",
                    "215310272436259419319950559139192121589",
                    "266374154225182438894477606877517514215",
                    "75497755079854535772603337048350296016",
                    "136340940372707114781247467171377714681",
                    "238918898115951034728376932949271013091",
                    "82921456159189922169755025883044763670",
                    "115355358118288917488443942941884834312",
                    "34343066045720112896859997945757391445"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
            },
            "id": "ASB-A-384727394-8417cb5a",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3155.0,
                "function_hash": "316586920930916737287289716637898606439"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java",
                "function": "UdfpsController"
            },
            "id": "ASB-A-384727394-c6e2b505",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 800.0,
                "function_hash": "332593243100057279692902577768442988355"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java",
                "function": "getLayoutParams"
            },
            "id": "ASB-A-384727394-efac1ade",
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98"
    ],
    "spl": "2025-09-01"
}