ASB-A-414387646
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-414387646.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-414387646
- Aliases
-
- A-414387646
- CVE-2025-48619
- Published
- 2026-03-01T00:00:00Z
- Modified
- 2026-03-20T16:01:55.726900Z
- Summary
- [none]
- Details
-
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/f8099b069367df749a4c101b5d7f9020d83cb660",
"deprecated": false,
"digest": {
"line_hashes": [
"53926371293763877280011075269325973104",
"92160766034025061469281567526157782315",
"4526780579449060579165140801074510946",
"13893639091080808656797209632667220158",
"318921267111831049569532712591900913513",
"319514605624689204050523846860884144135",
"253699463929828034814385475806044680128",
"1002948623803330444471149601269013313",
"80837961362361014558642213719928464310",
"309358095419138818138269989606807462354",
"53926371293763877280011075269325973104",
"149444583392933775662353758257759511689",
"108598690919257146683820508711659241415",
"60983179244915571142266141867438100127",
"225344914455432083366591624800981065164",
"3246697421424873346848687639047740978",
"171870199671977021092506053520874960682",
"281533118054969317670246678363987153818",
"267016320231918084749066450570610217586",
"309358095419138818138269989606807462354",
"230892084064704430863003591732958622459",
"128799203044967515776971951552481226552",
"243390588256245681192611993792553941987"
],
"threshold": 0.9
},
"id": "ASB-A-414387646-1ecb8a35",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java",
"function": "openAssetFile"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/f8099b069367df749a4c101b5d7f9020d83cb660",
"deprecated": false,
"digest": {
"function_hash": "57999960192884107863604702587639017086",
"length": 571.0
},
"id": "ASB-A-414387646-c2c75337",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java",
"function": "openFile"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/f8099b069367df749a4c101b5d7f9020d83cb660",
"deprecated": false,
"digest": {
"function_hash": "128098829386637969049863044326297312501",
"length": 566.0
},
"id": "ASB-A-414387646-f708c8d8",
"signature_type": "Function"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f8099b069367df749a4c101b5d7f9020d83cb660"
],
"spl": "2026-03-01",
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java",
"function": "openFile"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/4ed6ad05b9c05cb694d8834656a4d65e61237fc0",
"deprecated": false,
"digest": {
"function_hash": "128098829386637969049863044326297312501",
"length": 566.0
},
"id": "ASB-A-414387646-3890873b",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/4ed6ad05b9c05cb694d8834656a4d65e61237fc0",
"deprecated": false,
"digest": {
"line_hashes": [
"53926371293763877280011075269325973104",
"92160766034025061469281567526157782315",
"4526780579449060579165140801074510946",
"13893639091080808656797209632667220158",
"318921267111831049569532712591900913513",
"319514605624689204050523846860884144135",
"253699463929828034814385475806044680128",
"1002948623803330444471149601269013313",
"80837961362361014558642213719928464310",
"309358095419138818138269989606807462354",
"53926371293763877280011075269325973104",
"149444583392933775662353758257759511689",
"108598690919257146683820508711659241415",
"60983179244915571142266141867438100127",
"225344914455432083366591624800981065164",
"3246697421424873346848687639047740978",
"171870199671977021092506053520874960682",
"281533118054969317670246678363987153818",
"267016320231918084749066450570610217586",
"309358095419138818138269989606807462354",
"230892084064704430863003591732958622459",
"128799203044967515776971951552481226552",
"243390588256245681192611993792553941987"
],
"threshold": 0.9
},
"id": "ASB-A-414387646-8f4cffb2",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java",
"function": "openAssetFile"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/4ed6ad05b9c05cb694d8834656a4d65e61237fc0",
"deprecated": false,
"digest": {
"function_hash": "57999960192884107863604702587639017086",
"length": 571.0
},
"id": "ASB-A-414387646-e84a641e",
"signature_type": "Function"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/4ed6ad05b9c05cb694d8834656a4d65e61237fc0"
],
"spl": "2026-03-01",
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java",
"function": "openAssetFile"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ccfca86a433f9b7391187aff39cac4d3a251f1e",
"deprecated": false,
"digest": {
"function_hash": "57999960192884107863604702587639017086",
"length": 571.0
},
"id": "ASB-A-414387646-83b4785c",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java",
"function": "openFile"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ccfca86a433f9b7391187aff39cac4d3a251f1e",
"deprecated": false,
"digest": {
"function_hash": "128098829386637969049863044326297312501",
"length": 566.0
},
"id": "ASB-A-414387646-95f24438",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ccfca86a433f9b7391187aff39cac4d3a251f1e",
"deprecated": false,
"digest": {
"line_hashes": [
"53926371293763877280011075269325973104",
"92160766034025061469281567526157782315",
"4526780579449060579165140801074510946",
"13893639091080808656797209632667220158",
"318921267111831049569532712591900913513",
"319514605624689204050523846860884144135",
"253699463929828034814385475806044680128",
"1002948623803330444471149601269013313",
"80837961362361014558642213719928464310",
"309358095419138818138269989606807462354",
"53926371293763877280011075269325973104",
"149444583392933775662353758257759511689",
"108598690919257146683820508711659241415",
"60983179244915571142266141867438100127",
"225344914455432083366591624800981065164",
"3246697421424873346848687639047740978",
"171870199671977021092506053520874960682",
"281533118054969317670246678363987153818",
"267016320231918084749066450570610217586",
"309358095419138818138269989606807462354",
"230892084064704430863003591732958622459",
"128799203044967515776971951552481226552",
"243390588256245681192611993792553941987"
],
"threshold": 0.9
},
"id": "ASB-A-414387646-dc251a69",
"signature_type": "Line"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2ccfca86a433f9b7391187aff39cac4d3a251f1e"
],
"spl": "2026-03-01",
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/94788ff349042279a0c40c28d8b6b8dfb035556c",
"deprecated": false,
"digest": {
"line_hashes": [
"53926371293763877280011075269325973104",
"250568756603949964571079932229776859564",
"54191138188260997730153990431573049038",
"1993991771118379238260357964047744257",
"89504409595167229181463665114766867672",
"319514605624689204050523846860884144135",
"253699463929828034814385475806044680128",
"1002948623803330444471149601269013313",
"80837961362361014558642213719928464310",
"309358095419138818138269989606807462354",
"53926371293763877280011075269325973104",
"28691493494152501178381756290049291888",
"164793952180731112746362195984220096368",
"170330991777144262077543009745566316111",
"2299102054957029803039402726650601170",
"3246697421424873346848687639047740978",
"171870199671977021092506053520874960682",
"281533118054969317670246678363987153818",
"267016320231918084749066450570610217586",
"309358095419138818138269989606807462354",
"120289633225718084186041118281722985756",
"128799203044967515776971951552481226552",
"243390588256245681192611993792553941987"
],
"threshold": 0.9
},
"id": "ASB-A-414387646-6835553b",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java",
"function": "openFile"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/94788ff349042279a0c40c28d8b6b8dfb035556c",
"deprecated": false,
"digest": {
"function_hash": "35800652580259927118731841270952705770",
"length": 550.0
},
"id": "ASB-A-414387646-8505cda9",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "core/java/android/content/ContentProvider.java",
"function": "openAssetFile"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/94788ff349042279a0c40c28d8b6b8dfb035556c",
"deprecated": false,
"digest": {
"function_hash": "275819054357327807128259941870615254776",
"length": 555.0
},
"id": "ASB-A-414387646-8769f127",
"signature_type": "Function"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/94788ff349042279a0c40c28d8b6b8dfb035556c"
],
"spl": "2026-03-01",
"severity": "High"
}