ASB-A-397438392

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-397438392.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-397438392
Aliases
  • A-397438392
  • CVE-2025-48545
Published
2025-09-01T00:00:00Z
Modified
2025-10-13T15:01:54.398779Z
Summary
[none]
Details

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-next:0
Fixed
16-next:2025-09-01

Affected versions

Other

16-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301085973425528169524709004077373831563",
                    "216726074587728072739208380767334123804",
                    "119242253748994613345553426103635851740",
                    "242632864898814537389428415415848732297"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d400709160c8374d83a15dc7623b11434c08c4c6",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-397438392-ec25bb79",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 629.0,
                "function_hash": "264335857848518456123992062052361392928"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d400709160c8374d83a15dc7623b11434c08c4c6",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "isSystemUid"
            },
            "id": "ASB-A-397438392-f5407bbb",
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d400709160c8374d83a15dc7623b11434c08c4c6"
    ],
    "spl": "2025-09-01"
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-09-01

Affected versions

Other

15

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301085973425528169524709004077373831563",
                    "216726074587728072739208380767334123804",
                    "119242253748994613345553426103635851740",
                    "242632864898814537389428415415848732297"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/4732a7720c89aeaa30157932c3d9e37908d50db2",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-397438392-ba14281f",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 629.0,
                "function_hash": "264335857848518456123992062052361392928"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/4732a7720c89aeaa30157932c3d9e37908d50db2",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "isSystemUid"
            },
            "id": "ASB-A-397438392-f7d81269",
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/4732a7720c89aeaa30157932c3d9e37908d50db2"
    ],
    "spl": "2025-09-01"
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-09-01

Affected versions

Other

16

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 629.0,
                "function_hash": "264335857848518456123992062052361392928"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3eb6e9bf403d4b42762f15f55875cbb75039edea",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "isSystemUid"
            },
            "id": "ASB-A-397438392-3f5e8c4e",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301085973425528169524709004077373831563",
                    "216726074587728072739208380767334123804",
                    "119242253748994613345553426103635851740",
                    "242632864898814537389428415415848732297"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3eb6e9bf403d4b42762f15f55875cbb75039edea",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-397438392-43b2a79f",
            "signature_type": "Line"
        }
    ],
    "severity": "High",
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3eb6e9bf403d4b42762f15f55875cbb75039edea"
    ],
    "spl": "2025-09-01"
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-09-01

Affected versions

Other

13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301085973425528169524709004077373831563",
                    "216726074587728072739208380767334123804",
                    "119242253748994613345553426103635851740",
                    "242632864898814537389428415415848732297"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e73ea8f51b74a87047e8aef38a724ab2f667a6bf",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-397438392-59e421a1",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 629.0,
                "function_hash": "264335857848518456123992062052361392928"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e73ea8f51b74a87047e8aef38a724ab2f667a6bf",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "isSystemUid"
            },
            "id": "ASB-A-397438392-85b7d356",
            "signature_type": "Function"
        }
    ],
    "severity": "High",
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e73ea8f51b74a87047e8aef38a724ab2f667a6bf"
    ],
    "spl": "2025-09-01"
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-09-01

Affected versions

Other

14

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 629.0,
                "function_hash": "264335857848518456123992062052361392928"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/04fa4b05b9b5962485a0b93874dc8302635b56bf",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "isSystemUid"
            },
            "id": "ASB-A-397438392-a5989eea",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301085973425528169524709004077373831563",
                    "216726074587728072739208380767334123804",
                    "119242253748994613345553426103635851740",
                    "242632864898814537389428415415848732297"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/04fa4b05b9b5962485a0b93874dc8302635b56bf",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-397438392-bcc41ed1",
            "signature_type": "Line"
        }
    ],
    "severity": "High",
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/04fa4b05b9b5962485a0b93874dc8302635b56bf"
    ],
    "spl": "2025-09-01"
}