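In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The records below are the Vanir missing-patch signatures for this issue (ASB-A-417988098, severity High, security patch level 2025-12-01): line and function digests for hasAccountsOnAnyUser restricted to Android 14, 15, 16 and 16-qpr2-next, plus one record with no version restriction whose signatures target setDeviceOwner in the same file. A match against a source tree indicates that the corresponding commit listed under "fixes" is likely not applied.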
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a8819d3bdc496d3a4b5ea041434ff5d71b1f8c95"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"16-qpr2-next"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
},
"id": "ASB-A-417988098-53c5e9c3",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/a8819d3bdc496d3a4b5ea041434ff5d71b1f8c95",
"digest": {
"line_hashes": [
"228627409854854366920249968764744863575",
"112758038984776877850116512949538155554",
"279100164488443653505373466994203365574",
"312430612973083313531656263379661982871",
"174136908777338641885721446830945073462",
"210486942932395435650090752026016186599",
"82768522421096348039197161844264814895",
"12959855043758291770418159949942857401",
"14743293529936974676583240089675958297",
"114023606051986100405342786167960816485",
"289018824553411596236786754493969215023",
"184978904748512204470877337638793500747",
"134740195501709402976504490245098310384",
"70240218339882788536549213938104471009",
"313782378611338187130601511332942839768",
"102773042227712380051185624212894701760",
"89473433834476336072960756605294898981",
"274356538685267123918532653911816561589",
"265289797900258886413689574868679093053",
"305626251967523633557600181552379173028",
"240094929358021849080060019783533587618",
"66337160365168716822454222546076431092"
],
"threshold": 0.9
}
},
{
"match_only_versions": [
"16-qpr2-next"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "hasAccountsOnAnyUser"
},
"id": "ASB-A-417988098-6f20cd57",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/a8819d3bdc496d3a4b5ea041434ff5d71b1f8c95",
"digest": {
"function_hash": "47098530988569470138235014943703581247",
"length": 370.0
}
}
],
"severity": "High"
}{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/18eeec99a1bf4a569abb2cf03199b5c8de47c3e2"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"15"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
},
"id": "ASB-A-417988098-84123916",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/18eeec99a1bf4a569abb2cf03199b5c8de47c3e2",
"digest": {
"line_hashes": [
"228627409854854366920249968764744863575",
"112758038984776877850116512949538155554",
"279100164488443653505373466994203365574",
"238007327852204588133038310093592302728",
"174136908777338641885721446830945073462",
"210486942932395435650090752026016186599",
"82768522421096348039197161844264814895",
"12959855043758291770418159949942857401",
"14743293529936974676583240089675958297",
"114023606051986100405342786167960816485",
"289018824553411596236786754493969215023",
"184978904748512204470877337638793500747",
"134740195501709402976504490245098310384",
"70240218339882788536549213938104471009",
"313782378611338187130601511332942839768",
"102773042227712380051185624212894701760",
"89473433834476336072960756605294898981",
"274356538685267123918532653911816561589",
"265289797900258886413689574868679093053",
"305626251967523633557600181552379173028",
"240094929358021849080060019783533587618",
"66337160365168716822454222546076431092"
],
"threshold": 0.9
}
},
{
"match_only_versions": [
"15"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "hasAccountsOnAnyUser"
},
"id": "ASB-A-417988098-a7e035da",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/18eeec99a1bf4a569abb2cf03199b5c8de47c3e2",
"digest": {
"function_hash": "47098530988569470138235014943703581247",
"length": 370.0
}
}
],
"severity": "High"
}{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/cb19a42cad9ada4494402d78bbe47c00fe1a9bfb"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"16"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "hasAccountsOnAnyUser"
},
"id": "ASB-A-417988098-973d419e",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cb19a42cad9ada4494402d78bbe47c00fe1a9bfb",
"digest": {
"function_hash": "47098530988569470138235014943703581247",
"length": 370.0
}
},
{
"match_only_versions": [
"16"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
},
"id": "ASB-A-417988098-9a53c70c",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cb19a42cad9ada4494402d78bbe47c00fe1a9bfb",
"digest": {
"line_hashes": [
"228627409854854366920249968764744863575",
"112758038984776877850116512949538155554",
"279100164488443653505373466994203365574",
"238007327852204588133038310093592302728",
"174136908777338641885721446830945073462",
"210486942932395435650090752026016186599",
"82768522421096348039197161844264814895",
"12959855043758291770418159949942857401",
"14743293529936974676583240089675958297",
"114023606051986100405342786167960816485",
"289018824553411596236786754493969215023",
"184978904748512204470877337638793500747",
"134740195501709402976504490245098310384",
"70240218339882788536549213938104471009",
"313782378611338187130601511332942839768",
"102773042227712380051185624212894701760",
"89473433834476336072960756605294898981",
"274356538685267123918532653911816561589",
"265289797900258886413689574868679093053",
"305626251967523633557600181552379173028",
"240094929358021849080060019783533587618",
"66337160365168716822454222546076431092"
],
"threshold": 0.9
}
}
],
"severity": "High"
}{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0709fe7f702d1145515130bb4113b8ee65456812",
"https://android.googlesource.com/platform/frameworks/base/+/fe6955ed5b9224a5b29eedf529550f4a85b2237c",
"https://android.googlesource.com/platform/frameworks/base/+/dcf48a6c859809aa110998db1e6ce0fe55a076a4"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "setDeviceOwner"
},
"id": "ASB-A-417988098-131ced8f",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/dcf48a6c859809aa110998db1e6ce0fe55a076a4",
"digest": {
"function_hash": "115177620488067154841259197973932496223",
"length": 2089.0
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
},
"id": "ASB-A-417988098-4550374b",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/dcf48a6c859809aa110998db1e6ce0fe55a076a4",
"digest": {
"line_hashes": [
"33260104429753638318237273459397079142",
"203110419403296242137638840669081757511",
"125505593870081991501639928054858609553",
"257449320452807396116395594763144151000",
"192813906572782867152156975367079184998",
"52413297175982395892476449493682435981",
"25818311049377831879220737137205976661",
"209003801667110911814098593016038907241",
"321124709650192897648215414340735088190",
"335507836176658651659843300690493693091",
"239693514085725805911559505103812188783"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "setDeviceOwner"
},
"id": "ASB-A-417988098-b91e034b",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/0709fe7f702d1145515130bb4113b8ee65456812",
"digest": {
"function_hash": "115177620488067154841259197973932496223",
"length": 2089.0
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
},
"id": "ASB-A-417988098-d7f790db",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/0709fe7f702d1145515130bb4113b8ee65456812",
"digest": {
"line_hashes": [
"33260104429753638318237273459397079142",
"203110419403296242137638840669081757511",
"125505593870081991501639928054858609553",
"257449320452807396116395594763144151000",
"192813906572782867152156975367079184998",
"52413297175982395892476449493682435981",
"25818311049377831879220737137205976661",
"209003801667110911814098593016038907241",
"321124709650192897648215414340735088190",
"335507836176658651659843300690493693091",
"239693514085725805911559505103812188783"
],
"threshold": 0.9
}
}
],
"severity": "High"
}{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/fd675b76b3bf8ce693f7296ad5a88c040dae2169"
],
"spl": "2025-12-01",
"vanir_signatures": [
{
"match_only_versions": [
"14"
],
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
},
"id": "ASB-A-417988098-07694abb",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/fd675b76b3bf8ce693f7296ad5a88c040dae2169",
"digest": {
"line_hashes": [
"303202455033692607252058234388515915159",
"112758038984776877850116512949538155554",
"279100164488443653505373466994203365574",
"238007327852204588133038310093592302728",
"174136908777338641885721446830945073462",
"210486942932395435650090752026016186599",
"82768522421096348039197161844264814895",
"12959855043758291770418159949942857401",
"14743293529936974676583240089675958297",
"114023606051986100405342786167960816485",
"289018824553411596236786754493969215023",
"184978904748512204470877337638793500747",
"134740195501709402976504490245098310384",
"70240218339882788536549213938104471009",
"313782378611338187130601511332942839768",
"102773042227712380051185624212894701760",
"89473433834476336072960756605294898981",
"274356538685267123918532653911816561589",
"265289797900258886413689574868679093053",
"305626251967523633557600181552379173028",
"240094929358021849080060019783533587618",
"66337160365168716822454222546076431092"
],
"threshold": 0.9
}
},
{
"match_only_versions": [
"14"
],
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "hasAccountsOnAnyUser"
},
"id": "ASB-A-417988098-243e113c",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/fd675b76b3bf8ce693f7296ad5a88c040dae2169",
"digest": {
"function_hash": "47098530988569470138235014943703581247",
"length": 370.0
}
}
],
"severity": "High"
}