ASB-A-417463103

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-417463103.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-417463103
Aliases
Published
2025-12-01T00:00:00Z
Modified
2026-04-02T16:07:38.132481Z
Summary
[none]
Details

In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/packages/apps/CertInstaller

Package

Name
platform/packages/apps/CertInstaller

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2-next:0
Fixed
16-qpr2-next:2025-12-01

Affected versions

Other
16-qpr2-next

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103901496256402229466384503393723912277",
                    "18720809403064552219339165216168260749",
                    "339184450843653545803881638117511054369",
                    "231613157017717151000699649961671672941",
                    "70333851653190860079119448811246161127",
                    "26035587186077096286353624074125104970",
                    "288419741676857396493676388736201793928",
                    "200337263394288613267087409979321800511",
                    "54351694185754919688428504293171576740",
                    "58436935891895855494212249124821043883",
                    "175227009910536180962869042720108157788",
                    "310425033356234360515752687754908154223",
                    "237679515135809758716672149636918968073",
                    "140460426784432020406851187952926095305",
                    "84039475043011529676134854347230257512",
                    "272376954987418974850270982791694601547",
                    "263378475441229504566891868693789061969",
                    "274397148266025622781274972943212023279",
                    "277823449955477155607831026498176776591"
                ]
            },
            "id": "ASB-A-417463103-08e0f027",
            "target": {
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "208070268995805349569930411797753651390",
                    "123169669983335258228418061914981102109",
                    "326280069694882229128194079846587371275",
                    "119592523063725283780946789109431786739",
                    "340056697021609642581914470448081083279",
                    "153581026166356616010233739207154478967",
                    "158607895903461804740738833703222485111",
                    "200181950237130712912379191503056275440",
                    "276310727171001443104913996003416432747",
                    "260513266408957088855040176064490511864"
                ]
            },
            "id": "ASB-A-417463103-14d11b7b",
            "target": {
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "258150643077968048156757358353350276237",
                "length": 94.0
            },
            "id": "ASB-A-417463103-32d79917",
            "target": {
                "function": "calledBySettings",
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "35132757605557818009020706293083755770",
                "length": 318.0
            },
            "id": "ASB-A-417463103-81d85b62",
            "target": {
                "function": "extractPkcs12OrInstall",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "32761022413947671591330254487883083729",
                "length": 453.0
            },
            "id": "ASB-A-417463103-dc6b9a85",
            "target": {
                "function": "onExtractionDone",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        }
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"
platform/packages/apps/CertInstaller

Package

Name
platform/packages/apps/CertInstaller

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-12-01

Affected versions

Other
15

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "208070268995805349569930411797753651390",
                    "123169669983335258228418061914981102109",
                    "326280069694882229128194079846587371275",
                    "119592523063725283780946789109431786739",
                    "340056697021609642581914470448081083279",
                    "153581026166356616010233739207154478967",
                    "158607895903461804740738833703222485111",
                    "200181950237130712912379191503056275440",
                    "276310727171001443104913996003416432747",
                    "260513266408957088855040176064490511864"
                ]
            },
            "id": "ASB-A-417463103-241447f2",
            "target": {
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "258150643077968048156757358353350276237",
                "length": 94.0
            },
            "id": "ASB-A-417463103-839435d9",
            "target": {
                "function": "calledBySettings",
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "32761022413947671591330254487883083729",
                "length": 453.0
            },
            "id": "ASB-A-417463103-840850aa",
            "target": {
                "function": "onExtractionDone",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103901496256402229466384503393723912277",
                    "18720809403064552219339165216168260749",
                    "339184450843653545803881638117511054369",
                    "231613157017717151000699649961671672941",
                    "70333851653190860079119448811246161127",
                    "26035587186077096286353624074125104970",
                    "288419741676857396493676388736201793928",
                    "200337263394288613267087409979321800511",
                    "54351694185754919688428504293171576740",
                    "58436935891895855494212249124821043883",
                    "175227009910536180962869042720108157788",
                    "310425033356234360515752687754908154223",
                    "237679515135809758716672149636918968073",
                    "140460426784432020406851187952926095305",
                    "84039475043011529676134854347230257512",
                    "272376954987418974850270982791694601547",
                    "263378475441229504566891868693789061969",
                    "274397148266025622781274972943212023279",
                    "277823449955477155607831026498176776591"
                ]
            },
            "id": "ASB-A-417463103-bfccb368",
            "target": {
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "35132757605557818009020706293083755770",
                "length": 318.0
            },
            "id": "ASB-A-417463103-c8d82620",
            "target": {
                "function": "extractPkcs12OrInstall",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        }
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"
platform/packages/apps/CertInstaller

Package

Name
platform/packages/apps/CertInstaller

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-12-01

Affected versions

Other
16

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "258150643077968048156757358353350276237",
                "length": 94.0
            },
            "id": "ASB-A-417463103-333b691d",
            "target": {
                "function": "calledBySettings",
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103901496256402229466384503393723912277",
                    "18720809403064552219339165216168260749",
                    "339184450843653545803881638117511054369",
                    "231613157017717151000699649961671672941",
                    "70333851653190860079119448811246161127",
                    "26035587186077096286353624074125104970",
                    "288419741676857396493676388736201793928",
                    "200337263394288613267087409979321800511",
                    "54351694185754919688428504293171576740",
                    "58436935891895855494212249124821043883",
                    "175227009910536180962869042720108157788",
                    "310425033356234360515752687754908154223",
                    "237679515135809758716672149636918968073",
                    "140460426784432020406851187952926095305",
                    "84039475043011529676134854347230257512",
                    "272376954987418974850270982791694601547",
                    "263378475441229504566891868693789061969",
                    "274397148266025622781274972943212023279",
                    "277823449955477155607831026498176776591"
                ]
            },
            "id": "ASB-A-417463103-3c2ebc0c",
            "target": {
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "35132757605557818009020706293083755770",
                "length": 318.0
            },
            "id": "ASB-A-417463103-3c77c937",
            "target": {
                "function": "extractPkcs12OrInstall",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "208070268995805349569930411797753651390",
                    "123169669983335258228418061914981102109",
                    "326280069694882229128194079846587371275",
                    "119592523063725283780946789109431786739",
                    "340056697021609642581914470448081083279",
                    "153581026166356616010233739207154478967",
                    "158607895903461804740738833703222485111",
                    "200181950237130712912379191503056275440",
                    "276310727171001443104913996003416432747",
                    "260513266408957088855040176064490511864"
                ]
            },
            "id": "ASB-A-417463103-51dab54d",
            "target": {
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "32761022413947671591330254487883083729",
                "length": 453.0
            },
            "id": "ASB-A-417463103-c2071a52",
            "target": {
                "function": "onExtractionDone",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        }
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"
platform/packages/apps/CertInstaller

Package

Name
platform/packages/apps/CertInstaller

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-12-01

Affected versions

Other
13

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "35132757605557818009020706293083755770",
                "length": 318.0
            },
            "id": "ASB-A-417463103-0c6a8a0f",
            "target": {
                "function": "extractPkcs12OrInstall",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "258150643077968048156757358353350276237",
                "length": 94.0
            },
            "id": "ASB-A-417463103-2bf31d94",
            "target": {
                "function": "calledBySettings",
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "208070268995805349569930411797753651390",
                    "123169669983335258228418061914981102109",
                    "326280069694882229128194079846587371275",
                    "119592523063725283780946789109431786739",
                    "340056697021609642581914470448081083279",
                    "153581026166356616010233739207154478967",
                    "158607895903461804740738833703222485111",
                    "200181950237130712912379191503056275440",
                    "276310727171001443104913996003416432747",
                    "260513266408957088855040176064490511864"
                ]
            },
            "id": "ASB-A-417463103-6b13dd0c",
            "target": {
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103901496256402229466384503393723912277",
                    "18720809403064552219339165216168260749",
                    "339184450843653545803881638117511054369",
                    "231613157017717151000699649961671672941",
                    "70333851653190860079119448811246161127",
                    "26035587186077096286353624074125104970",
                    "288419741676857396493676388736201793928",
                    "200337263394288613267087409979321800511",
                    "54351694185754919688428504293171576740",
                    "58436935891895855494212249124821043883",
                    "175227009910536180962869042720108157788",
                    "310425033356234360515752687754908154223",
                    "237679515135809758716672149636918968073",
                    "140460426784432020406851187952926095305",
                    "84039475043011529676134854347230257512",
                    "272376954987418974850270982791694601547",
                    "263378475441229504566891868693789061969",
                    "274397148266025622781274972943212023279",
                    "277823449955477155607831026498176776591"
                ]
            },
            "id": "ASB-A-417463103-6e792385",
            "target": {
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "32761022413947671591330254487883083729",
                "length": 453.0
            },
            "id": "ASB-A-417463103-f46cbe4b",
            "target": {
                "function": "onExtractionDone",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        }
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"
platform/packages/apps/CertInstaller

Package

Name
platform/packages/apps/CertInstaller

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-12-01

Affected versions

Other
14

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "32761022413947671591330254487883083729",
                "length": 453.0
            },
            "id": "ASB-A-417463103-02a51deb",
            "target": {
                "function": "onExtractionDone",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "258150643077968048156757358353350276237",
                "length": 94.0
            },
            "id": "ASB-A-417463103-23d2f4a0",
            "target": {
                "function": "calledBySettings",
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "208070268995805349569930411797753651390",
                    "123169669983335258228418061914981102109",
                    "326280069694882229128194079846587371275",
                    "119592523063725283780946789109431786739",
                    "340056697021609642581914470448081083279",
                    "153581026166356616010233739207154478967",
                    "158607895903461804740738833703222485111",
                    "200181950237130712912379191503056275440",
                    "276310727171001443104913996003416432747",
                    "260513266408957088855040176064490511864"
                ]
            },
            "id": "ASB-A-417463103-8208a35c",
            "target": {
                "file": "src/com/android/certinstaller/CredentialHelper.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "function_hash": "35132757605557818009020706293083755770",
                "length": 318.0
            },
            "id": "ASB-A-417463103-d9f5e0ad",
            "target": {
                "function": "extractPkcs12OrInstall",
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103901496256402229466384503393723912277",
                    "18720809403064552219339165216168260749",
                    "339184450843653545803881638117511054369",
                    "231613157017717151000699649961671672941",
                    "70333851653190860079119448811246161127",
                    "26035587186077096286353624074125104970",
                    "288419741676857396493676388736201793928",
                    "200337263394288613267087409979321800511",
                    "54351694185754919688428504293171576740",
                    "58436935891895855494212249124821043883",
                    "175227009910536180962869042720108157788",
                    "310425033356234360515752687754908154223",
                    "237679515135809758716672149636918968073",
                    "140460426784432020406851187952926095305",
                    "84039475043011529676134854347230257512",
                    "272376954987418974850270982791694601547",
                    "263378475441229504566891868693789061969",
                    "274397148266025622781274972943212023279",
                    "277823449955477155607831026498176776591"
                ]
            },
            "id": "ASB-A-417463103-f29c455f",
            "target": {
                "file": "src/com/android/certinstaller/CertInstaller.java"
            }
        }
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"