ASB-A-408215749
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-408215749.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-408215749
- Aliases
-
- A-408215749
- CVE-2025-32349
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 2192.0,
"function_hash": "46500887056697594047081537987225494204"
},
"id": "ASB-A-408215749-0b0aecbb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/87fc39092ca24f51b0315bd3868638289f925606",
"target": {
"function": "adjustWindowParamsLw",
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"201904464568336985475915820382324790951",
"13409443471544318719523490892523778773",
"161429973723354732237531759415663007175",
"204896755140344046184406651827807789088",
"177786852814562046750704862933132913670",
"224903445534682219461979944206426606234",
"196929720538350313905126156108196069165",
"268287909900336032225051752572017840251"
]
},
"id": "ASB-A-408215749-2b752f06",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ae38300e9f79a94c0f11cb715e4ea144d4430b2",
"target": {
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
},
{
"digest": {
"length": 1089.0,
"function_hash": "37431220966573520822792011219162230728"
},
"id": "ASB-A-408215749-3d926a70",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ae38300e9f79a94c0f11cb715e4ea144d4430b2",
"target": {
"function": "show",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"digest": {
"length": 484.0,
"function_hash": "251447601166105229831861779513441982273"
},
"id": "ASB-A-408215749-4c72ff7d",
"deprecated": false,
"target": {
"function": "setForceHideNonSystemOverlayWindowIfNeeded",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"signature_type": "Function",
"match_only_versions": [
"16-next"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ae38300e9f79a94c0f11cb715e4ea144d4430b2",
"signature_version": "v1"
},
{
"digest": {
"length": 2122.0,
"function_hash": "61524713928084145603339191318704785534"
},
"id": "ASB-A-408215749-9bbf35a8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ae38300e9f79a94c0f11cb715e4ea144d4430b2",
"target": {
"function": "applyAnimationLocked",
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"320754921325045158968841410801028327418",
"338094196989045123015778296998651767460",
"124568455449675093228614837996088111862",
"117240680202406064317653442700771351587"
]
},
"id": "ASB-A-408215749-a2d1602a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/87fc39092ca24f51b0315bd3868638289f925606",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"35429178940830642502817207684304243955",
"263272723815670162719720692488140673330",
"189874878780797538245576943630330796945",
"13143600611355226543544112867922053881",
"219032621354172057005128545093160906774",
"115775729929352913913127422595172458075",
"192181545258573237909329569346894302152",
"223944512126736607994667331090945106537",
"96710653856505510310639285268304304599",
"210559563236711244457527744616947491883",
"246055486246453523772316401094440088212",
"77875204097083182055750013565738768243",
"260572653997723997123599115687806276635",
"226026519274057475327378688547446868339",
"1865106637846982979685510115795519695",
"84496464945246677191339651709368343114",
"272408033335267253512309867365715041817",
"138198184166265904476844571551865472746",
"43544052685817852905573236264732704112",
"65534544606542973141701575900721904688",
"185550145377147174567006554256878819863",
"5239671405444312160800972798884835114",
"197303950902900701094491863680924688559",
"335022905788292818145022105949807708443",
"281323032756614960151897266509943740947",
"288041968318694665354907527628918590833"
]
},
"id": "ASB-A-408215749-c4177f93",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"signature_type": "Line",
"match_only_versions": [
"16-next"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ae38300e9f79a94c0f11cb715e4ea144d4430b2",
"signature_version": "v1"
},
{
"digest": {
"length": 6279.0,
"function_hash": "149830983188146527952979266623709921034"
},
"id": "ASB-A-408215749-edce22a4",
"deprecated": false,
"target": {
"function": "dump",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"signature_type": "Function",
"match_only_versions": [
"16-next"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ae38300e9f79a94c0f11cb715e4ea144d4430b2",
"signature_version": "v1"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/87fc39092ca24f51b0315bd3868638289f925606",
"https://android.googlesource.com/platform/frameworks/base/+/7ae38300e9f79a94c0f11cb715e4ea144d4430b2"
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 2113.0,
"function_hash": "108612950539620076039599339969581573895"
},
"id": "ASB-A-408215749-208ed0dd",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/cc347f9a90c634df7ff97034bf8d963309a57270",
"target": {
"function": "applyAnimationLocked",
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"96710653856505510310639285268304304599",
"210559563236711244457527744616947491883",
"246055486246453523772316401094440088212"
]
},
"id": "ASB-A-408215749-45fb54c8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/cc347f9a90c634df7ff97034bf8d963309a57270",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"320754921325045158968841410801028327418",
"338094196989045123015778296998651767460",
"124568455449675093228614837996088111862",
"117240680202406064317653442700771351587"
]
},
"id": "ASB-A-408215749-7332504f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e077f0cc622d2aa45bf43354dff23a9dcc01a3",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
},
{
"digest": {
"length": 2192.0,
"function_hash": "46500887056697594047081537987225494204"
},
"id": "ASB-A-408215749-9352553f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e077f0cc622d2aa45bf43354dff23a9dcc01a3",
"target": {
"function": "adjustWindowParamsLw",
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"201904464568336985475915820382324790951",
"13409443471544318719523490892523778773",
"161429973723354732237531759415663007175",
"303675762840867187450162922118427436341",
"177786852814562046750704862933132913670",
"224903445534682219461979944206426606234",
"196929720538350313905126156108196069165",
"268287909900336032225051752572017840251"
]
},
"id": "ASB-A-408215749-d3cec7cc",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/cc347f9a90c634df7ff97034bf8d963309a57270",
"target": {
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/cc347f9a90c634df7ff97034bf8d963309a57270",
"https://android.googlesource.com/platform/frameworks/base/+/f9e077f0cc622d2aa45bf43354dff23a9dcc01a3"
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"96710653856505510310639285268304304599",
"210559563236711244457527744616947491883",
"246055486246453523772316401094440088212"
]
},
"id": "ASB-A-408215749-010d0a49",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/74eb0ec676f23bad95f06b0a4ee559dafc2fb22a",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"digest": {
"length": 2122.0,
"function_hash": "61524713928084145603339191318704785534"
},
"id": "ASB-A-408215749-01bbd964",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/74eb0ec676f23bad95f06b0a4ee559dafc2fb22a",
"target": {
"function": "applyAnimationLocked",
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"201904464568336985475915820382324790951",
"13409443471544318719523490892523778773",
"161429973723354732237531759415663007175",
"204896755140344046184406651827807789088",
"177786852814562046750704862933132913670",
"224903445534682219461979944206426606234",
"196929720538350313905126156108196069165",
"268287909900336032225051752572017840251"
]
},
"id": "ASB-A-408215749-2c2fa026",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/74eb0ec676f23bad95f06b0a4ee559dafc2fb22a",
"target": {
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
},
{
"digest": {
"length": 2192.0,
"function_hash": "46500887056697594047081537987225494204"
},
"id": "ASB-A-408215749-6e747c82",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ad7120e1c45b9c2eb301d9cb54e18f4e2a5b839c",
"target": {
"function": "adjustWindowParamsLw",
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"320754921325045158968841410801028327418",
"338094196989045123015778296998651767460",
"124568455449675093228614837996088111862",
"117240680202406064317653442700771351587"
]
},
"id": "ASB-A-408215749-f2434a31",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ad7120e1c45b9c2eb301d9cb54e18f4e2a5b839c",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/74eb0ec676f23bad95f06b0a4ee559dafc2fb22a",
"https://android.googlesource.com/platform/frameworks/base/+/ad7120e1c45b9c2eb301d9cb54e18f4e2a5b839c"
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"320754921325045158968841410801028327418",
"338094196989045123015778296998651767460",
"124568455449675093228614837996088111862",
"117240680202406064317653442700771351587"
]
},
"id": "ASB-A-408215749-905c9c88",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3beed7b34e54f2147aef9e9e5bbb413527b399fa",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"96710653856505510310639285268304304599",
"210559563236711244457527744616947491883",
"246055486246453523772316401094440088212"
]
},
"id": "ASB-A-408215749-a492552d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/dd71ab6ba3950978bd28dc38fecec236cf1153ea",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"201904464568336985475915820382324790951",
"13409443471544318719523490892523778773",
"161429973723354732237531759415663007175",
"17815163004452760008631732071102879758",
"177786852814562046750704862933132913670",
"224903445534682219461979944206426606234",
"196929720538350313905126156108196069165",
"268287909900336032225051752572017840251"
]
},
"id": "ASB-A-408215749-c15d8946",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/dd71ab6ba3950978bd28dc38fecec236cf1153ea",
"target": {
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
},
{
"digest": {
"length": 2120.0,
"function_hash": "265827318803707599257587124524610229685"
},
"id": "ASB-A-408215749-c3568d43",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/dd71ab6ba3950978bd28dc38fecec236cf1153ea",
"target": {
"function": "applyAnimationLocked",
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
},
{
"digest": {
"length": 2391.0,
"function_hash": "274602194768783411514126977244299952776"
},
"id": "ASB-A-408215749-cf4a94d6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3beed7b34e54f2147aef9e9e5bbb413527b399fa",
"target": {
"function": "adjustWindowParamsLw",
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3beed7b34e54f2147aef9e9e5bbb413527b399fa",
"https://android.googlesource.com/platform/frameworks/base/+/dd71ab6ba3950978bd28dc38fecec236cf1153ea"
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"320754921325045158968841410801028327418",
"338094196989045123015778296998651767460",
"124568455449675093228614837996088111862",
"117240680202406064317653442700771351587"
]
},
"id": "ASB-A-408215749-30bca6b1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3beed7b34e54f2147aef9e9e5bbb413527b399fa",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
},
{
"digest": {
"length": 2391.0,
"function_hash": "274602194768783411514126977244299952776"
},
"id": "ASB-A-408215749-5a741370",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3beed7b34e54f2147aef9e9e5bbb413527b399fa",
"target": {
"function": "adjustWindowParamsLw",
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"201904464568336985475915820382324790951",
"13409443471544318719523490892523778773",
"161429973723354732237531759415663007175",
"17815163004452760008631732071102879758",
"177786852814562046750704862933132913670",
"224903445534682219461979944206426606234",
"196929720538350313905126156108196069165",
"268287909900336032225051752572017840251"
]
},
"id": "ASB-A-408215749-a86e38de",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/dd71ab6ba3950978bd28dc38fecec236cf1153ea",
"target": {
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"96710653856505510310639285268304304599",
"210559563236711244457527744616947491883",
"246055486246453523772316401094440088212"
]
},
"id": "ASB-A-408215749-a98e3ff9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/dd71ab6ba3950978bd28dc38fecec236cf1153ea",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"digest": {
"length": 2120.0,
"function_hash": "265827318803707599257587124524610229685"
},
"id": "ASB-A-408215749-e3748cd0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/dd71ab6ba3950978bd28dc38fecec236cf1153ea",
"target": {
"function": "applyAnimationLocked",
"file": "services/core/java/com/android/server/wm/WindowStateAnimator.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3beed7b34e54f2147aef9e9e5bbb413527b399fa",
"https://android.googlesource.com/platform/frameworks/base/+/dd71ab6ba3950978bd28dc38fecec236cf1153ea"
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"severity": "High"
}