ASB-A-428700812

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-428700812.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-428700812

Aliases

A-428700812
CVE-2025-48574

Published

2026-03-01T00:00:00Z

Modified

2026-04-23T15:15:38.048727Z

Summary

[none]

Details

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16-qpr2-next:0

Fixed

16-qpr2-next:2026-03-01

Affected versions

Other

16-qpr2-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "98752812802073782255665731612229756896",
                    "274262754643115422597428948583922289536",
                    "318731427274930132367561533845173014749",
                    "317343576857372265059508882391318437561"
                ]
            },
            "id": "ASB-A-428700812-4705c668",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/467b18585de4d1faa80d4b056dd3d69654d16651",
            "target": {
                "file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
            }
        },
        {
            "digest": {
                "length": 1231.0,
                "function_hash": "186755667958182594295730593138560154409"
            },
            "id": "ASB-A-428700812-52e0f1fa",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/467b18585de4d1faa80d4b056dd3d69654d16651",
            "target": {
                "function": "validateAddingWindowLw",
                "file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/467b18585de4d1faa80d4b056dd3d69654d16651"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-428700812.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15:0

Fixed

15:2026-03-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1929.0,
                "function_hash": "29989405332654415831203586040819263246"
            },
            "id": "ASB-A-428700812-529ee2cb",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c33c47731fd942dd54d6cedaa222eadbbade098b",
            "target": {
                "function": "validateAddingWindowLw",
                "file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "98752812802073782255665731612229756896",
                    "274262754643115422597428948583922289536",
                    "148102332571247974663867562405591437184",
                    "117545886929869845745615480157282044347"
                ]
            },
            "id": "ASB-A-428700812-fc2ee646",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c33c47731fd942dd54d6cedaa222eadbbade098b",
            "target": {
                "file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/c33c47731fd942dd54d6cedaa222eadbbade098b"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-428700812.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16:0

Fixed

16:2026-03-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1785.0,
                "function_hash": "172941894425957385641700590191833076711"
            },
            "id": "ASB-A-428700812-eb31c1f3",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c63342c195420912e6b2ce30b8a13d435f253a05",
            "target": {
                "function": "validateAddingWindowLw",
                "file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "98752812802073782255665731612229756896",
                    "274262754643115422597428948583922289536",
                    "318731427274930132367561533845173014749",
                    "317343576857372265059508882391318437561"
                ]
            },
            "id": "ASB-A-428700812-f8755ed4",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c63342c195420912e6b2ce30b8a13d435f253a05",
            "target": {
                "file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/c63342c195420912e6b2ce30b8a13d435f253a05"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-428700812.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14:0

Fixed

14:2026-03-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "98752812802073782255665731612229756896",
                    "274262754643115422597428948583922289536",
                    "148102332571247974663867562405591437184",
                    "117545886929869845745615480157282044347"
                ]
            },
            "id": "ASB-A-428700812-65ee588a",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94a7059e033c4ebb226bc587e23e0abe9a1141ec",
            "target": {
                "file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
            }
        },
        {
            "digest": {
                "length": 3035.0,
                "function_hash": "121505959893738281513223359954111053405"
            },
            "id": "ASB-A-428700812-f1c80cbe",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94a7059e033c4ebb226bc587e23e0abe9a1141ec",
            "target": {
                "function": "validateAddingWindowLw",
                "file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/94a7059e033c4ebb226bc587e23e0abe9a1141ec"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2026-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-428700812.json"