ASB-A-421834866
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-421834866.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-421834866
- Aliases
-
- A-421834866
- CVE-2025-48543
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2025-09-25T15:05:51.076520Z
- Summary
- [none]
- Details
-
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/art
Package
- Name
- platform/art
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/a4826745b63bdab1db7536680e1c8e947a56f7be"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"93042001673570758164955484611472937945",
"210059820850445663927855288473636582474",
"168764221434458206634282258064962786548",
"213747540815394322684217598133020849293",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-1f83ee6a",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/a4826745b63bdab1db7536680e1c8e947a56f7be",
"target": {
"file": "runtime/jni/jni_internal.cc"
}
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"318175798206364399068125455848973457498",
"49599964405972301408463774553020455786",
"217308792712619646893685293953929467731",
"165135128904613808392184669235818512444",
"136093256872794273189917161131387259922",
"239265620321943650895806586069170778540",
"174850594554258182951196052336323955833",
"126293268005353645688329951035917897487",
"177146394063457466984112697808645286223",
"332907883884141747864492388116623370532",
"189555250400296093052864948839148190576",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"332568779437633916878551050687441018308",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"25730226993543684315250474714426929997"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-c1526391",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/a4826745b63bdab1db7536680e1c8e947a56f7be",
"target": {
"file": "runtime/jni/check_jni.cc"
}
}
]
}
Android / platform/art
Package
- Name
- platform/art
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/400ef836b724fb3288ca0c047c10eb94c3da5494"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"93042001673570758164955484611472937945",
"210059820850445663927855288473636582474",
"168764221434458206634282258064962786548",
"213747540815394322684217598133020849293",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-32da5c18",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/400ef836b724fb3288ca0c047c10eb94c3da5494",
"target": {
"file": "runtime/jni/jni_internal.cc"
}
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"318175798206364399068125455848973457498",
"49599964405972301408463774553020455786",
"217308792712619646893685293953929467731",
"165135128904613808392184669235818512444",
"136093256872794273189917161131387259922",
"239265620321943650895806586069170778540",
"174850594554258182951196052336323955833",
"126293268005353645688329951035917897487",
"177146394063457466984112697808645286223",
"332907883884141747864492388116623370532",
"189555250400296093052864948839148190576",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"332568779437633916878551050687441018308",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"25730226993543684315250474714426929997"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-5e3facc1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/400ef836b724fb3288ca0c047c10eb94c3da5494",
"target": {
"file": "runtime/jni/check_jni.cc"
}
}
]
}
Android / platform/art
Package
- Name
- platform/art
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/a5889a1a85117d0b168ff5bb9e0c123d2cd6409f"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"93042001673570758164955484611472937945",
"210059820850445663927855288473636582474",
"168764221434458206634282258064962786548",
"213747540815394322684217598133020849293",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-3c2765f3",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/a5889a1a85117d0b168ff5bb9e0c123d2cd6409f",
"target": {
"file": "runtime/jni/jni_internal.cc"
}
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"318175798206364399068125455848973457498",
"49599964405972301408463774553020455786",
"217308792712619646893685293953929467731",
"165135128904613808392184669235818512444",
"136093256872794273189917161131387259922",
"239265620321943650895806586069170778540",
"174850594554258182951196052336323955833",
"126293268005353645688329951035917897487",
"177146394063457466984112697808645286223",
"332907883884141747864492388116623370532",
"189555250400296093052864948839148190576",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"332568779437633916878551050687441018308",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"25730226993543684315250474714426929997"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-d62c4003",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/a5889a1a85117d0b168ff5bb9e0c123d2cd6409f",
"target": {
"file": "runtime/jni/check_jni.cc"
}
}
]
}
Android / platform/art
Package
- Name
- platform/art
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/8c31724a6a7d0d693be3c349b6b788ca74ccc071"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"318175798206364399068125455848973457498",
"49599964405972301408463774553020455786",
"217308792712619646893685293953929467731",
"165135128904613808392184669235818512444",
"136093256872794273189917161131387259922",
"239265620321943650895806586069170778540",
"174850594554258182951196052336323955833",
"126293268005353645688329951035917897487",
"177146394063457466984112697808645286223",
"332907883884141747864492388116623370532",
"189555250400296093052864948839148190576",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"332568779437633916878551050687441018308",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"25730226993543684315250474714426929997"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-0539a5fa",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/8c31724a6a7d0d693be3c349b6b788ca74ccc071",
"target": {
"file": "runtime/jni/check_jni.cc"
}
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"93042001673570758164955484611472937945",
"210059820850445663927855288473636582474",
"168764221434458206634282258064962786548",
"213747540815394322684217598133020849293",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-ba494d02",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/8c31724a6a7d0d693be3c349b6b788ca74ccc071",
"target": {
"file": "runtime/jni/jni_internal.cc"
}
}
]
}
Android / platform/art
Package
- Name
- platform/art
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/art/+/1c6660e00e960103249037298c8d7f08d9b0cc2a"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"318175798206364399068125455848973457498",
"49599964405972301408463774553020455786",
"217308792712619646893685293953929467731",
"165135128904613808392184669235818512444",
"136093256872794273189917161131387259922",
"239265620321943650895806586069170778540",
"174850594554258182951196052336323955833",
"126293268005353645688329951035917897487",
"177146394063457466984112697808645286223",
"332907883884141747864492388116623370532",
"189555250400296093052864948839148190576",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"332568779437633916878551050687441018308",
"185375570391535075126137532634179412070",
"129290206423232314454787806218433399395",
"330612365766470132099827887849800071338",
"25730226993543684315250474714426929997"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-4ace1828",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/1c6660e00e960103249037298c8d7f08d9b0cc2a",
"target": {
"file": "runtime/jni/check_jni.cc"
}
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"93042001673570758164955484611472937945",
"210059820850445663927855288473636582474",
"168764221434458206634282258064962786548",
"213747540815394322684217598133020849293",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024",
"43380239696504003072672943211929732393",
"210059820850445663927855288473636582474",
"93685734557718478658774086443038011426",
"252311456818325108515821481433258653024"
],
"threshold": 0.9
},
"deprecated": false,
"id": "ASB-A-421834866-89a48b8f",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/art/+/1c6660e00e960103249037298c8d7f08d9b0cc2a",
"target": {
"file": "runtime/jni/jni_internal.cc"
}
}
]
}