ASB-A-389950114
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-389950114.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-389950114
- Aliases
-
- A-389950114
- CVE-2026-28577
- Published
- 2026-06-01T00:00:00Z
- Modified
- 2026-06-16T15:04:57.126039127Z
- Summary
- [none]
- Details
-
In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/352e98e9ed8ab9a0c63a499665b09d2ab2769f7e"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "addWindow"
},
"signature_type": "Function",
"digest": {
"function_hash": "37023614408704152922898003860348940367",
"length": 10650.0
},
"id": "ASB-A-389950114-779afdb8",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/352e98e9ed8ab9a0c63a499665b09d2ab2769f7e"
},
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/352e98e9ed8ab9a0c63a499665b09d2ab2769f7e",
"signature_version": "v1",
"digest": {
"line_hashes": [
"27932017891604966021544559811175071959",
"315475683212704727166760713577483752255",
"188394027801698029900481290853172735849",
"146255118690895660322814751209724989281"
],
"threshold": 0.9
},
"id": "ASB-A-389950114-c929b27d",
"signature_type": "Line"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/fd23e57220d587660cbe175d6b465cbc2aec222c"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"27932017891604966021544559811175071959",
"315475683212704727166760713577483752255",
"188394027801698029900481290853172735849",
"146255118690895660322814751209724989281"
],
"threshold": 0.9
},
"id": "ASB-A-389950114-5a5b86c1",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fd23e57220d587660cbe175d6b465cbc2aec222c"
},
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "addWindow"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fd23e57220d587660cbe175d6b465cbc2aec222c",
"digest": {
"function_hash": "148305495535218786312359090108893745353",
"length": 12058.0
},
"id": "ASB-A-389950114-c8568fd9"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/55aea98481db15689b390c54cae99c409281343f"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"id": "ASB-A-389950114-0c5e45bc",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"27932017891604966021544559811175071959",
"315475683212704727166760713577483752255",
"188394027801698029900481290853172735849",
"146255118690895660322814751209724989281"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/55aea98481db15689b390c54cae99c409281343f",
"deprecated": false
},
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "addWindow"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/55aea98481db15689b390c54cae99c409281343f",
"digest": {
"function_hash": "243270993435680713753112798670756826899",
"length": 10163.0
},
"id": "ASB-A-389950114-fb8535a4"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/69ace6d38b365847d80653750f26b204adf6e663"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "addWindow"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/69ace6d38b365847d80653750f26b204adf6e663",
"digest": {
"function_hash": "257551047976146560909936817794158404180",
"length": 10318.0
},
"id": "ASB-A-389950114-49e2ace8"
},
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"27932017891604966021544559811175071959",
"315475683212704727166760713577483752255",
"188394027801698029900481290853172735849",
"146255118690895660322814751209724989281"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/69ace6d38b365847d80653750f26b204adf6e663",
"id": "ASB-A-389950114-b59877db"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/17371594baff69a8ff477391955892c4f4826e9e"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/Session.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"202172281432802788764437662650800201764",
"320654047162801706391931505276938494247",
"311851507303705137638921337089418703794",
"35334715859477885055920626759108336810",
"193040290859915295078663424525547000884",
"6717804215693328633612723713520932004",
"75918700486122701689821166961144622431",
"100354566591792921295502418529525925051"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/17371594baff69a8ff477391955892c4f4826e9e",
"id": "ASB-A-389950114-5ab43416"
},
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"27932017891604966021544559811175071959",
"315475683212704727166760713577483752255",
"188394027801698029900481290853172735849",
"146255118690895660322814751209724989281"
],
"threshold": 0.9
},
"id": "ASB-A-389950114-8982a786",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/17371594baff69a8ff477391955892c4f4826e9e"
},
{
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/Session.java",
"function": "Session"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/17371594baff69a8ff477391955892c4f4826e9e",
"digest": {
"function_hash": "167559775866481484354643738417520888154",
"length": 1723.0
},
"id": "ASB-A-389950114-da986ae5",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-389950114-fdc8907f",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "addWindow"
},
"signature_type": "Function",
"digest": {
"function_hash": "244615652217948530878621236300419731821",
"length": 12113.0
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/17371594baff69a8ff477391955892c4f4826e9e",
"deprecated": false
}
]
}