ASB-A-427206637
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-427206637.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-427206637
- Aliases
-
- A-427206637
- CVE-2025-48594
- Published
- 2025-12-01T00:00:00Z
- Modified
- 2026-04-01T17:23:19.086032Z
- Summary
- [none]
- Details
-
In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-12-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/69baf67afba5fae48ef6f42e5992dfab1fc7eb41"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "DisassociationProcessor",
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"function_hash": "306235220049361442763866834730307360753",
"length": 562.0
},
"id": "ASB-A-427206637-63c5bf30",
"source": "https://android.googlesource.com/platform/frameworks/base/+/69baf67afba5fae48ef6f42e5992dfab1fc7eb41",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"line_hashes": [
"281874490177312240519823729995279595255",
"336422262116570940965302276666271992073",
"152987804126297213632007953015756770793",
"900460132994484871143206169214672768",
"295900567739669827141609041679651153417",
"17858190896436977160783581958648170706",
"289141942368134470275835757175997236983",
"183591313061829470571358821269624125482",
"296461132857050775513415903868645086250",
"55876948739860922906961234465690407005",
"268839658239330683300583130105139948143",
"78679649780624026710572694548968956542",
"100963698831982946850636221095012176559",
"178736118144794565967805850641235219037",
"12119720721443488657888573779541422073",
"61213372158523721349442871688769486887",
"200067696639067216286633604541937684904",
"118094738247380640521411378209770298720",
"238416160406399331743794316174095301730",
"4447673686929424407966694870797471753",
"310961716639004085620806337535202332795",
"167753429901858045856690845393467382168",
"322569379880868258134088291095467345051"
],
"threshold": 0.9
},
"id": "ASB-A-427206637-c7c33632",
"source": "https://android.googlesource.com/platform/frameworks/base/+/69baf67afba5fae48ef6f42e5992dfab1fc7eb41",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "onUidImportance",
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"function_hash": "119636507221916344533198422203838461594",
"length": 450.0
},
"id": "ASB-A-427206637-fe6e898e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/69baf67afba5fae48ef6f42e5992dfab1fc7eb41",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-12-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/90756fe1878be807c0cc0f6e7d9ad263cce0d4f0"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"line_hashes": [
"194407252432011980615410794665000479921",
"181706948423201038949800844103099513725",
"152987804126297213632007953015756770793",
"900460132994484871143206169214672768",
"295900567739669827141609041679651153417",
"17858190896436977160783581958648170706",
"289141942368134470275835757175997236983",
"183591313061829470571358821269624125482",
"296461132857050775513415903868645086250",
"55876948739860922906961234465690407005",
"122871192071459603143293108294724120468",
"9206985791235077847704506950061438514",
"126285850625806013088781323971727928998",
"178736118144794565967805850641235219037",
"12119720721443488657888573779541422073",
"61213372158523721349442871688769486887",
"200067696639067216286633604541937684904",
"118094738247380640521411378209770298720",
"238416160406399331743794316174095301730",
"333421850611826967987825142472079619031",
"698821384916654366304422741692771527",
"263236051533883028084344966376056148658",
"149994166698843150873583445365667347945"
],
"threshold": 0.9
},
"id": "ASB-A-427206637-d922c9d6",
"source": "https://android.googlesource.com/platform/frameworks/base/+/90756fe1878be807c0cc0f6e7d9ad263cce0d4f0",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "onUidImportance",
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"function_hash": "199473710430211135731756668506887018538",
"length": 472.0
},
"id": "ASB-A-427206637-da224555",
"source": "https://android.googlesource.com/platform/frameworks/base/+/90756fe1878be807c0cc0f6e7d9ad263cce0d4f0",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "DisassociationProcessor",
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"function_hash": "306235220049361442763866834730307360753",
"length": 562.0
},
"id": "ASB-A-427206637-f1232a87",
"source": "https://android.googlesource.com/platform/frameworks/base/+/90756fe1878be807c0cc0f6e7d9ad263cce0d4f0",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-12-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5d85254e025ceba2c89ab03427bd1e2f8b68cc45"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "onUidImportance",
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"function_hash": "119636507221916344533198422203838461594",
"length": 450.0
},
"id": "ASB-A-427206637-06ea6ddc",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5d85254e025ceba2c89ab03427bd1e2f8b68cc45",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"line_hashes": [
"194407252432011980615410794665000479921",
"181706948423201038949800844103099513725",
"152987804126297213632007953015756770793",
"900460132994484871143206169214672768",
"295900567739669827141609041679651153417",
"17858190896436977160783581958648170706",
"289141942368134470275835757175997236983",
"183591313061829470571358821269624125482",
"296461132857050775513415903868645086250",
"55876948739860922906961234465690407005",
"268839658239330683300583130105139948143",
"78679649780624026710572694548968956542",
"100963698831982946850636221095012176559",
"178736118144794565967805850641235219037",
"12119720721443488657888573779541422073",
"61213372158523721349442871688769486887",
"200067696639067216286633604541937684904",
"118094738247380640521411378209770298720",
"238416160406399331743794316174095301730",
"4447673686929424407966694870797471753",
"310961716639004085620806337535202332795",
"167753429901858045856690845393467382168",
"322569379880868258134088291095467345051"
],
"threshold": 0.9
},
"id": "ASB-A-427206637-e88267b5",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5d85254e025ceba2c89ab03427bd1e2f8b68cc45",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "DisassociationProcessor",
"file": "services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"
},
"digest": {
"function_hash": "306235220049361442763866834730307360753",
"length": 562.0
},
"id": "ASB-A-427206637-f71b5366",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5d85254e025ceba2c89ab03427bd1e2f8b68cc45",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-12-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d508d024261cd746f189ce51472b9df4af7f53f0"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "onUidImportance",
"file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
},
"digest": {
"function_hash": "72299295015094316309416543401159986616",
"length": 527.0
},
"id": "ASB-A-427206637-012742c4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d508d024261cd746f189ce51472b9df4af7f53f0",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "CompanionDeviceManagerService",
"file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
},
"digest": {
"function_hash": "202162200958170292469142224371157195393",
"length": 726.0
},
"id": "ASB-A-427206637-35918929",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d508d024261cd746f189ce51472b9df4af7f53f0",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
},
"digest": {
"line_hashes": [
"43460930496671996457242955919966882949",
"322696364151095460627845930943184926026",
"24901215148654845815625619171569808522",
"204492804076074712624147504353710493265",
"121327029803329998838724841509645250818",
"17544327125814070885832006516692954321",
"45752289063922161400513535575125651866",
"240123326566786973848266722384464629634",
"215174910791780241836412797926831331454",
"289568127228921354895740450764838314954",
"312685666919126306847854473611324711911",
"239792416476300270839793351085108686731",
"244331801646106553510693905526560863631",
"31052009500075734041877029994961998238",
"81939064661954587564176904771549399673",
"331232681124377162690832855640670147041",
"98860449454069059746714285281935036845",
"201445487092169480580440174363878675466",
"125517822916051674776273450539841626100",
"242837889376537584886448049800601665322",
"68419213998497834263558417488119642872",
"6972273287019048467622653550387545717",
"12375694401191497956445477182788378446",
"77134692694715250248342756223831879293"
],
"threshold": 0.9
},
"id": "ASB-A-427206637-efe2cc3d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d508d024261cd746f189ce51472b9df4af7f53f0",
"signature_version": "v1"
}
]
}