ASB-A-421834866

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-421834866.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-421834866
Aliases
  • A-421834866
  • CVE-2025-48543
Published
2025-09-01T00:00:00Z
Modified
2025-09-05T14:56:56.826104Z
Summary
[none]
Details

In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/art

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-next:0
Fixed
16-next:2025-09-01

Affected versions

Other

16-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "93042001673570758164955484611472937945",
                    "210059820850445663927855288473636582474",
                    "168764221434458206634282258064962786548",
                    "213747540815394322684217598133020849293",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/jni_internal.cc"
            },
            "id": "ASB-A-421834866-1f83ee6a",
            "source": "https://android.googlesource.com/platform/art/+/a4826745b63bdab1db7536680e1c8e947a56f7be"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "318175798206364399068125455848973457498",
                    "49599964405972301408463774553020455786",
                    "217308792712619646893685293953929467731",
                    "165135128904613808392184669235818512444",
                    "136093256872794273189917161131387259922",
                    "239265620321943650895806586069170778540",
                    "174850594554258182951196052336323955833",
                    "126293268005353645688329951035917897487",
                    "177146394063457466984112697808645286223",
                    "332907883884141747864492388116623370532",
                    "189555250400296093052864948839148190576",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "332568779437633916878551050687441018308",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "25730226993543684315250474714426929997"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/check_jni.cc"
            },
            "id": "ASB-A-421834866-c1526391",
            "source": "https://android.googlesource.com/platform/art/+/a4826745b63bdab1db7536680e1c8e947a56f7be"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-09-01",
    "fixes": [
        "https://android.googlesource.com/platform/art/+/a4826745b63bdab1db7536680e1c8e947a56f7be"
    ]
}

Android / platform/art

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2025-09-01

Affected versions

Other

15

Ecosystem specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "93042001673570758164955484611472937945",
                    "210059820850445663927855288473636582474",
                    "168764221434458206634282258064962786548",
                    "213747540815394322684217598133020849293",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/jni_internal.cc"
            },
            "id": "ASB-A-421834866-32da5c18",
            "source": "https://android.googlesource.com/platform/art/+/400ef836b724fb3288ca0c047c10eb94c3da5494"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "318175798206364399068125455848973457498",
                    "49599964405972301408463774553020455786",
                    "217308792712619646893685293953929467731",
                    "165135128904613808392184669235818512444",
                    "136093256872794273189917161131387259922",
                    "239265620321943650895806586069170778540",
                    "174850594554258182951196052336323955833",
                    "126293268005353645688329951035917897487",
                    "177146394063457466984112697808645286223",
                    "332907883884141747864492388116623370532",
                    "189555250400296093052864948839148190576",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "332568779437633916878551050687441018308",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "25730226993543684315250474714426929997"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/check_jni.cc"
            },
            "id": "ASB-A-421834866-5e3facc1",
            "source": "https://android.googlesource.com/platform/art/+/400ef836b724fb3288ca0c047c10eb94c3da5494"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-09-01",
    "fixes": [
        "https://android.googlesource.com/platform/art/+/400ef836b724fb3288ca0c047c10eb94c3da5494"
    ]
}

Android / platform/art

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2025-09-01

Affected versions

Other

16

Ecosystem specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "93042001673570758164955484611472937945",
                    "210059820850445663927855288473636582474",
                    "168764221434458206634282258064962786548",
                    "213747540815394322684217598133020849293",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/jni_internal.cc"
            },
            "id": "ASB-A-421834866-3c2765f3",
            "source": "https://android.googlesource.com/platform/art/+/a5889a1a85117d0b168ff5bb9e0c123d2cd6409f"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "318175798206364399068125455848973457498",
                    "49599964405972301408463774553020455786",
                    "217308792712619646893685293953929467731",
                    "165135128904613808392184669235818512444",
                    "136093256872794273189917161131387259922",
                    "239265620321943650895806586069170778540",
                    "174850594554258182951196052336323955833",
                    "126293268005353645688329951035917897487",
                    "177146394063457466984112697808645286223",
                    "332907883884141747864492388116623370532",
                    "189555250400296093052864948839148190576",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "332568779437633916878551050687441018308",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "25730226993543684315250474714426929997"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/check_jni.cc"
            },
            "id": "ASB-A-421834866-d62c4003",
            "source": "https://android.googlesource.com/platform/art/+/a5889a1a85117d0b168ff5bb9e0c123d2cd6409f"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-09-01",
    "fixes": [
        "https://android.googlesource.com/platform/art/+/a5889a1a85117d0b168ff5bb9e0c123d2cd6409f"
    ]
}

Android / platform/art

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-09-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "318175798206364399068125455848973457498",
                    "49599964405972301408463774553020455786",
                    "217308792712619646893685293953929467731",
                    "165135128904613808392184669235818512444",
                    "136093256872794273189917161131387259922",
                    "239265620321943650895806586069170778540",
                    "174850594554258182951196052336323955833",
                    "126293268005353645688329951035917897487",
                    "177146394063457466984112697808645286223",
                    "332907883884141747864492388116623370532",
                    "189555250400296093052864948839148190576",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "332568779437633916878551050687441018308",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "25730226993543684315250474714426929997"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/check_jni.cc"
            },
            "id": "ASB-A-421834866-0539a5fa",
            "source": "https://android.googlesource.com/platform/art/+/8c31724a6a7d0d693be3c349b6b788ca74ccc071"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "93042001673570758164955484611472937945",
                    "210059820850445663927855288473636582474",
                    "168764221434458206634282258064962786548",
                    "213747540815394322684217598133020849293",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/jni_internal.cc"
            },
            "id": "ASB-A-421834866-ba494d02",
            "source": "https://android.googlesource.com/platform/art/+/8c31724a6a7d0d693be3c349b6b788ca74ccc071"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-09-01",
    "fixes": [
        "https://android.googlesource.com/platform/art/+/8c31724a6a7d0d693be3c349b6b788ca74ccc071"
    ]
}

Android / platform/art

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-09-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "318175798206364399068125455848973457498",
                    "49599964405972301408463774553020455786",
                    "217308792712619646893685293953929467731",
                    "165135128904613808392184669235818512444",
                    "136093256872794273189917161131387259922",
                    "239265620321943650895806586069170778540",
                    "174850594554258182951196052336323955833",
                    "126293268005353645688329951035917897487",
                    "177146394063457466984112697808645286223",
                    "332907883884141747864492388116623370532",
                    "189555250400296093052864948839148190576",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "332568779437633916878551050687441018308",
                    "185375570391535075126137532634179412070",
                    "129290206423232314454787806218433399395",
                    "330612365766470132099827887849800071338",
                    "25730226993543684315250474714426929997"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/check_jni.cc"
            },
            "id": "ASB-A-421834866-4ace1828",
            "source": "https://android.googlesource.com/platform/art/+/1c6660e00e960103249037298c8d7f08d9b0cc2a"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "93042001673570758164955484611472937945",
                    "210059820850445663927855288473636582474",
                    "168764221434458206634282258064962786548",
                    "213747540815394322684217598133020849293",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024",
                    "43380239696504003072672943211929732393",
                    "210059820850445663927855288473636582474",
                    "93685734557718478658774086443038011426",
                    "252311456818325108515821481433258653024"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "runtime/jni/jni_internal.cc"
            },
            "id": "ASB-A-421834866-89a48b8f",
            "source": "https://android.googlesource.com/platform/art/+/1c6660e00e960103249037298c8d7f08d9b0cc2a"
        }
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-09-01",
    "fixes": [
        "https://android.googlesource.com/platform/art/+/1c6660e00e960103249037298c8d7f08d9b0cc2a"
    ]
}