ASB-A-425662627
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-425662627.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-425662627
- Aliases
-
- A-425662627
- CVE-2025-48584
- Published
- 2025-12-01T00:00:00Z
- Modified
- 2026-04-02T16:07:38.132481Z
- Summary
- [none]
- Details
-
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5"
],
"vanir_signatures": [
{
"match_only_versions": [
"16-qpr2-next"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_version": "v1",
"target": {
"function": "handleOnPackageChanged",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "234157392479211378466761526158057311704",
"length": 686.0
},
"id": "ASB-A-425662627-25ff17b1"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "194161223105844991819985343020321659921",
"length": 854.0
},
"id": "ASB-A-425662627-35923fc6",
"target": {
"function": "writePolicyXml",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"match_only_versions": [
"16-qpr2-next"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_version": "v1",
"target": {
"function": "verifyPrivilegedListener",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "236687273776736459921012597639754413833",
"length": 450.0
},
"id": "ASB-A-425662627-564a92e4"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "230845005169053885051609618412741189710",
"length": 3870.0
},
"id": "ASB-A-425662627-668f75a9",
"target": {
"function": "dumpImpl",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "51441746281777270432991826738923173889",
"length": 2395.0
},
"id": "ASB-A-425662627-9a198792",
"target": {
"function": "readPolicyXml",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"135897995689547516737237041093398459449",
"315583297743766064403846624255496421644",
"29405189250986547264372506327246430113",
"248386281050458130841695852976201213703",
"6246270668136625667263304486828972794",
"61704417962315293677064402596627918964",
"275525267369431763447644155682396000832",
"118131333017442368551233868361462706257",
"160919767251381168083297441914984133205",
"51249338142106732387578731125624804046",
"308765082829924402664006223119980114742",
"79184197438043920790041538467868314992",
"321835745768518061969458498309778881578",
"120493492971949544798728095518210738924",
"193485692543348974723692229675222377056",
"57690496347083817861931983046483405339",
"321890763064572525593091080770616968447",
"253111609355490117505618126483672602706",
"132223446513184398529684134213997197102",
"323988556313602404096970729079012055077",
"69719909794668805257984661293177042133",
"337908832011880663982781134489876166346",
"21321185561142904723273672095743516100",
"76601098041952395853029272204077707036",
"273546519276946742867236508161841542350",
"166631108232350128403885171794941088982",
"5073060024208290118250435614712143650",
"302542079501598894460537095162238162660",
"38883391852170297788732782796914227811",
"67545103514159469726136617047163561909",
"54638990873883298797259168267593230732",
"160874767781921076441051319796600415711",
"1369961732512278772026676522092717654",
"102376606943945088811267269929636996864",
"302093233342329294811118101705222711546",
"324929793847710292233519990170661256903",
"247468369077076969332123355539916591511",
"235991498533981192545553484633134625638",
"336454789701125748341567265125528059441",
"155533172812210934999856244558002337271",
"283766130607990779691835984674849535740",
"134522193208289409475764077329065961078",
"322561520036952031065636078135668936537",
"63467155925781295879605358474143372906",
"58421842729245059654982645042670428159",
"339114642993279899730468340492467598082",
"196284760059804432855141295903114244641",
"156463256223246381330264704958068571725",
"269394482417875729206798185141141308154",
"47993424825094646499213989689962774794",
"12388781355726896604721928673155496117",
"72710866419591529357307557042678401912",
"171462002755766493021670502272282575843",
"9825033146504705621527601067519516772",
"323138023984174369172506553835522716798",
"139977363228322583351830122794130331260",
"184678809655267179201945324765719473223",
"22301407107353183309674913959583939525",
"121813856793007137905069713448844733541",
"270688708793911316621425373886337141947",
"72726235945082728170932274335277372375",
"159076213996554715783557481413811683534",
"199214615883718237785270177822812185647",
"175026750667742199915631714688522293957",
"177434955818358344592956625894641102730",
"84948096829824679346122913859082908474",
"134226139381065426882122098982281036398",
"81462634743453177432493912645195300983",
"216061055908474923009522425213533370485",
"256481087164918290579263625397188400605",
"111251792567390295708392436146538013635",
"130501159583426063565927317597782085077",
"34181740895323194935191489585816328269",
"2269420210310684519317793485936761916"
]
},
"id": "ASB-A-425662627-b3fdf57c",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "82638517559702168265842320378771425487",
"length": 3005.0
},
"id": "ASB-A-425662627-ba3bf308",
"target": {
"function": "onStart",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "55061854829876695296635705178976216544",
"length": 9250.0
},
"id": "ASB-A-425662627-e1c87534",
"target": {
"function": "init",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/16b6836078042fc1b2288912e9656d01d9d20af5",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "23551821650618922045207646444283433796",
"length": 1022.0
},
"id": "ASB-A-425662627-f9fe94fb",
"target": {
"function": "createConversationNotificationChannelForPackageFromPrivilegedListener",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
}
],
"spl": "2025-12-01",
"severity": "High",
"types": [
"DoS"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "135596783293236406347658140469984563398",
"length": 3902.0
},
"id": "ASB-A-425662627-63e7dc51",
"target": {
"function": "dumpImpl",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "42921360810459001151030940469014118579",
"length": 736.0
},
"id": "ASB-A-425662627-8de63aae",
"target": {
"function": "createConversationNotificationChannelForPackageFromPrivilegedListener",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "194161223105844991819985343020321659921",
"length": 854.0
},
"id": "ASB-A-425662627-9340d0ff",
"target": {
"function": "writePolicyXml",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"match_only_versions": [
"16"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_version": "v1",
"target": {
"function": "verifyPrivilegedListener",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "236687273776736459921012597639754413833",
"length": 450.0
},
"id": "ASB-A-425662627-cc781f12"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "51441746281777270432991826738923173889",
"length": 2395.0
},
"id": "ASB-A-425662627-dca5ad82",
"target": {
"function": "readPolicyXml",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"135897995689547516737237041093398459449",
"315583297743766064403846624255496421644",
"29405189250986547264372506327246430113",
"248386281050458130841695852976201213703",
"6246270668136625667263304486828972794",
"61704417962315293677064402596627918964",
"275525267369431763447644155682396000832",
"118131333017442368551233868361462706257",
"160919767251381168083297441914984133205",
"51249338142106732387578731125624804046",
"308765082829924402664006223119980114742",
"79184197438043920790041538467868314992",
"323442239760031026575201511897767727028",
"160234294633955345409021255675406467455",
"13291824750132431422749821631835117311",
"222976519158713685181886236704992935711",
"321890763064572525593091080770616968447",
"253111609355490117505618126483672602706",
"132223446513184398529684134213997197102",
"323988556313602404096970729079012055077",
"152942684572397017710583860686318174106",
"312798707272331405955179836554379373399",
"314494733642689879143834171809681860791",
"8675371721318526816699281374037052830",
"273546519276946742867236508161841542350",
"9207063480862443880321720692808695401",
"247598298467561954723884588845967486314",
"134349106886321940339019943351053682229",
"54638990873883298797259168267593230732",
"160874767781921076441051319796600415711",
"1369961732512278772026676522092717654",
"102376606943945088811267269929636996864",
"302093233342329294811118101705222711546",
"324929793847710292233519990170661256903",
"247468369077076969332123355539916591511",
"235991498533981192545553484633134625638",
"336454789701125748341567265125528059441",
"155533172812210934999856244558002337271",
"283766130607990779691835984674849535740",
"134522193208289409475764077329065961078",
"322561520036952031065636078135668936537",
"63467155925781295879605358474143372906",
"58421842729245059654982645042670428159",
"339114642993279899730468340492467598082",
"196284760059804432855141295903114244641",
"156463256223246381330264704958068571725",
"269394482417875729206798185141141308154",
"47993424825094646499213989689962774794",
"12388781355726896604721928673155496117",
"72710866419591529357307557042678401912",
"171462002755766493021670502272282575843",
"9825033146504705621527601067519516772",
"323138023984174369172506553835522716798",
"139977363228322583351830122794130331260",
"184678809655267179201945324765719473223",
"22301407107353183309674913959583939525",
"121813856793007137905069713448844733541",
"270688708793911316621425373886337141947",
"72726235945082728170932274335277372375",
"159076213996554715783557481413811683534",
"199214615883718237785270177822812185647",
"175026750667742199915631714688522293957",
"177434955818358344592956625894641102730",
"84948096829824679346122913859082908474",
"134226139381065426882122098982281036398",
"81462634743453177432493912645195300983",
"216061055908474923009522425213533370485",
"256481087164918290579263625397188400605",
"111251792567390295708392436146538013635",
"130501159583426063565927317597782085077",
"34181740895323194935191489585816328269",
"2269420210310684519317793485936761916"
]
},
"id": "ASB-A-425662627-de1da1a6",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "223711100670863851982664216029820943180",
"length": 8999.0
},
"id": "ASB-A-425662627-df08914e",
"target": {
"function": "init",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
},
{
"match_only_versions": [
"16"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_version": "v1",
"target": {
"function": "handleOnPackageChanged",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "234157392479211378466761526158057311704",
"length": 686.0
},
"id": "ASB-A-425662627-e608b2b5"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/262f537110110e85eb0aaf27fbf6ee38a1659b05",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "322136027155435506284165115064793340624",
"length": 2886.0
},
"id": "ASB-A-425662627-eacbd517",
"target": {
"function": "onStart",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
}
}
],
"spl": "2025-12-01",
"severity": "High",
"types": [
"DoS"
]
}