ASB-A-384727394
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-384727394.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-384727394
- Aliases
-
- A-384727394
- CVE-2025-48528
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2026-03-10T16:25:28.307330Z
- Summary
- [none]
- Details
-
In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"function": "showUdfpsOverlay",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
},
"id": "ASB-A-384727394-62b5aa17",
"digest": {
"function_hash": "69301699828823724891187928542389067497",
"length": 956.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "getLayoutParams",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
},
"id": "ASB-A-384727394-675cb61b",
"digest": {
"function_hash": "332593243100057279692902577768442988355",
"length": 800.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "UdfpsController",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
},
"id": "ASB-A-384727394-75be1942",
"digest": {
"function_hash": "316586920930916737287289716637898606439",
"length": 3155.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
},
"id": "ASB-A-384727394-82c9b74f",
"digest": {
"line_hashes": [
"10683005620314396847310811769687630384",
"163790618875576043912509106561576039462",
"194317204552682116711483485279934712733",
"222450927402315196400171784608777330045"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
},
"id": "ASB-A-384727394-82dd410f",
"digest": {
"line_hashes": [
"266903516084921326911442738138616380188",
"165942496643209102952725870653790667988",
"44690985772981978781219549786688046365",
"294859059122486576470547524190154404530",
"216352195697057715189632258604529450941",
"156923680568690848989084063993093988054",
"234423477679850712897087047938838275726",
"79800938046039531536472113661747311729",
"191005977176117953109985619894551636958",
"323024142042787881176150282542990210233",
"37792234365331431404840823058264106399",
"243025914530171688859003580625790969270",
"154537546777614112562929901147592246103",
"9658019869539598771137392518367044755",
"331661852895166690350414378088001025166",
"299239962748552208481163095667130255554",
"247633217503596357854888552992470052498",
"42162167146113767644612741936253336247",
"215915712450477873580152616077119360257",
"255463280400531355457066443047215144795",
"177433948302590336561153650314545706437",
"39492150746942544797126724915061225593",
"250980115117704618043994825469859365319",
"18622724462956156294346786425525592919",
"337524639394102383755803865709269776168",
"281341535729162572086263689698075653653",
"181242236060736724237162494820758127962",
"250664085071141483568776230502954664875",
"146799950753991865771560649133231976770",
"30952201092154501446974486883687837218",
"170485211976451326416512146485071510476",
"308619932104380222260562891354108017353",
"53637563197731141491145478264933992036",
"93630378340604475985430027772442822582",
"54216784928586912451546386653342262752",
"277643822891542876184727218289777397497",
"133616244479509086344595475885118252217",
"279306171532948885785380592078815180248",
"215310272436259419319950559139192121589",
"266374154225182438894477606877517514215",
"75497755079854535772603337048350296016",
"136340940372707114781247467171377714681",
"238918898115951034728376932949271013091",
"82921456159189922169755025883044763670",
"115355358118288917488443942941884834312",
"34343066045720112896859997945757391445"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "showUdfpsOverlay",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
},
"id": "ASB-A-384727394-ee71ee68",
"digest": {
"function_hash": "329422496681991091346208342763543592668",
"length": 878.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/47fd897138eb2c9ee3a25ca35970d34178226f6a"
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
},
"id": "ASB-A-384727394-095723d2",
"digest": {
"line_hashes": [
"29193109854917669027885757101816595185",
"152201149347497538027660628101749814406",
"231206855784135085592323554225631373277",
"85306533525560171598560081189593683190",
"105802707243425413756350629447725488999",
"251329235619566523546306099007675238838",
"335613928613807191564642590059722026865",
"278074086080610917502137167153338670943",
"119261699085676617890794276551669926723",
"10683005620314396847310811769687630384",
"163790618875576043912509106561576039462",
"194317204552682116711483485279934712733",
"222450927402315196400171784608777330045"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d8f677744d51a894c175d07beead9a31b635d33",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "getLayoutParams",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
},
"id": "ASB-A-384727394-4cde9abb",
"digest": {
"function_hash": "156773066460170964586690322201394581246",
"length": 772.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d8f677744d51a894c175d07beead9a31b635d33",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "onAttachedToWindow",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
},
"id": "ASB-A-384727394-dff2d56e",
"digest": {
"function_hash": "116553826048209539677740353613512480395",
"length": 1274.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d8f677744d51a894c175d07beead9a31b635d33",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8d8f677744d51a894c175d07beead9a31b635d33"
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
},
"id": "ASB-A-384727394-01fd7ef1",
"digest": {
"line_hashes": [
"10683005620314396847310811769687630384",
"163790618875576043912509106561576039462",
"194317204552682116711483485279934712733",
"222450927402315196400171784608777330045"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "showUdfpsOverlay",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
},
"id": "ASB-A-384727394-4b960c73",
"digest": {
"function_hash": "69301699828823724891187928542389067497",
"length": 956.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "showUdfpsOverlay",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
},
"id": "ASB-A-384727394-675d4f3c",
"digest": {
"function_hash": "329422496681991091346208342763543592668",
"length": 878.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
},
"id": "ASB-A-384727394-8417cb5a",
"digest": {
"line_hashes": [
"266903516084921326911442738138616380188",
"165942496643209102952725870653790667988",
"44690985772981978781219549786688046365",
"294859059122486576470547524190154404530",
"216352195697057715189632258604529450941",
"156923680568690848989084063993093988054",
"234423477679850712897087047938838275726",
"79800938046039531536472113661747311729",
"191005977176117953109985619894551636958",
"323024142042787881176150282542990210233",
"37792234365331431404840823058264106399",
"243025914530171688859003580625790969270",
"154537546777614112562929901147592246103",
"9658019869539598771137392518367044755",
"331661852895166690350414378088001025166",
"299239962748552208481163095667130255554",
"247633217503596357854888552992470052498",
"42162167146113767644612741936253336247",
"215915712450477873580152616077119360257",
"255463280400531355457066443047215144795",
"177433948302590336561153650314545706437",
"39492150746942544797126724915061225593",
"250980115117704618043994825469859365319",
"18622724462956156294346786425525592919",
"337524639394102383755803865709269776168",
"281341535729162572086263689698075653653",
"181242236060736724237162494820758127962",
"250664085071141483568776230502954664875",
"146799950753991865771560649133231976770",
"30952201092154501446974486883687837218",
"170485211976451326416512146485071510476",
"308619932104380222260562891354108017353",
"53637563197731141491145478264933992036",
"93630378340604475985430027772442822582",
"54216784928586912451546386653342262752",
"277643822891542876184727218289777397497",
"133616244479509086344595475885118252217",
"279306171532948885785380592078815180248",
"215310272436259419319950559139192121589",
"266374154225182438894477606877517514215",
"75497755079854535772603337048350296016",
"136340940372707114781247467171377714681",
"238918898115951034728376932949271013091",
"82921456159189922169755025883044763670",
"115355358118288917488443942941884834312",
"34343066045720112896859997945757391445"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "UdfpsController",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java"
},
"id": "ASB-A-384727394-c6e2b505",
"digest": {
"function_hash": "316586920930916737287289716637898606439",
"length": 3155.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "getLayoutParams",
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
},
"id": "ASB-A-384727394-efac1ade",
"digest": {
"function_hash": "332593243100057279692902577768442988355",
"length": 800.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/bb0c52b2e7fd73c2456a54f6f988caeec8e44e98"
],
"severity": "High"
}