ASB-A-428945391
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-428945391.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-428945391
- Aliases
-
- A-428945391
- CVE-2025-48581
- Published
- 2025-11-01T00:00:00Z
- Modified
- 2025-11-14T16:44:49.782125Z
- Summary
- [none]
- Details
-
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2025-11-01
- https://android.googlesource.com/platform/build/+/cda08bfbf55aed1e4c79efe6a66bb930d19a8a13
- https://android.googlesource.com/platform/system/apex/+/5a33fa4202cb5f06d7f02f3a2b8d13780d7cb3f5
- https://android.googlesource.com/platform/system/apex/+/13bbfe3ef2953e9805d57d3219cc122e485ba90f
Affected packages
Android / platform/build
Package
- Name
- platform/build
Android / platform/system/apex
Package
Ecosystem specific
{
"spl": "2025-11-01",
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/apex/+/e8474ce3f0a27b9781b6eaf518520941a3820111",
"https://android.googlesource.com/platform/system/apex/+/fa11a4437b6a5d41d503fac3763ed0d17e5adeff",
"https://android.googlesource.com/platform/system/apex/+/8b89163d61b800ca56ce974e3546790b8617da9d"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"deprecated": false,
"id": "ASB-A-428945391-007f5cb7",
"source": "https://android.googlesource.com/platform/system/apex/+/e8474ce3f0a27b9781b6eaf518520941a3820111",
"signature_version": "v1",
"target": {
"file": "apexd/apexd.cpp"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"175917095348843160700424818166486520653",
"30425094193163543155963132339065551264",
"299251075908848645897139723645939297160",
"275730233787607256365024819872528287055",
"205824012699372239740774163840791275833",
"148118273040957037683679203715463304634",
"52108119062793506449817648475710431310",
"89436116488515070387007099259755383256",
"183696079466424190639803743696520507841",
"114477007463711046531956477069194721748",
"4020812786432045008653458036011727943",
"295481725748347345290013375034056990375"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"id": "ASB-A-428945391-06ed9e81",
"source": "https://android.googlesource.com/platform/system/apex/+/e8474ce3f0a27b9781b6eaf518520941a3820111",
"signature_version": "v1",
"target": {
"function": "TEST_F",
"file": "apexd/apexd_test.cpp"
},
"signature_type": "Function",
"digest": {
"function_hash": "121278165439356723875710429288290633327",
"length": 312.0
}
},
{
"deprecated": false,
"id": "ASB-A-428945391-300dfe9c",
"source": "https://android.googlesource.com/platform/system/apex/+/e8474ce3f0a27b9781b6eaf518520941a3820111",
"signature_version": "v1",
"target": {
"function": "VerifyNoOverlapInSessions",
"file": "apexd/apexd.cpp"
},
"signature_type": "Function",
"digest": {
"function_hash": "166277273963399411157087798512642315690",
"length": 596.0
}
},
{
"deprecated": false,
"id": "ASB-A-428945391-c5faf4e8",
"source": "https://android.googlesource.com/platform/system/apex/+/e8474ce3f0a27b9781b6eaf518520941a3820111",
"signature_version": "v1",
"target": {
"file": "apexd/apexd_test.cpp"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"52157845959511572691352331476719520445",
"217789726687832973363975091640464677103",
"226259752552317461791458198722527628200",
"234005877175019193026504174551496243218",
"234660702027869820818331263267980610251",
"154070696187209746810672341621860282179",
"29358273819798901044955327876350372115",
"303395101341504222598207390591217822317",
"313454767841376224634286675241210428431",
"287061343837500287771387032489256023353",
"142103851895818989805276152044261276839",
"102243921965501156304027347410701275629",
"162610883514293771637610730148472690826",
"114975212925962633791762223934937599880",
"272879143918057264466504474331999430965",
"113527164020389351472254726476464797231",
"196266306533798557804225872360412629272",
"282745649002026583143270617724075631605",
"219415052305547252475768502827317305082",
"337759656446115835035328561982834845054",
"6174480674815779188630459385428239866",
"278774742762054142479654539375391260310",
"164589572204029079691621865732970429974"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"id": "ASB-A-428945391-f7008c37",
"source": "https://android.googlesource.com/platform/system/apex/+/e8474ce3f0a27b9781b6eaf518520941a3820111",
"signature_version": "v1",
"target": {
"function": "TEST_F",
"file": "apexd/apexd_test.cpp"
},
"signature_type": "Function",
"digest": {
"function_hash": "255213190898107091193437316625706956132",
"length": 383.0
}
}
]
}
Android / platform/build
Package
- Name
- platform/build
Android / platform/system/apex
Package
Ecosystem specific
{
"spl": "2025-11-01",
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/apex/+/43dd1249f40c5f4cbe06e236ed376b34ba418f2f",
"https://android.googlesource.com/platform/system/apex/+/b9c9fb3d71291fee7be9bd77b96f38c05dca3398"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"deprecated": false,
"id": "ASB-A-428945391-2529a41f",
"source": "https://android.googlesource.com/platform/system/apex/+/b9c9fb3d71291fee7be9bd77b96f38c05dca3398",
"signature_version": "v1",
"target": {
"function": "VerifyNoOverlapInSessions",
"file": "apexd/apexd.cpp"
},
"signature_type": "Function",
"digest": {
"function_hash": "166277273963399411157087798512642315690",
"length": 596.0
}
},
{
"deprecated": false,
"id": "ASB-A-428945391-2af8eca0",
"source": "https://android.googlesource.com/platform/system/apex/+/b9c9fb3d71291fee7be9bd77b96f38c05dca3398",
"signature_version": "v1",
"target": {
"file": "apexd/apexd_test.cpp"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"52157845959511572691352331476719520445",
"217789726687832973363975091640464677103",
"226259752552317461791458198722527628200",
"234005877175019193026504174551496243218",
"234660702027869820818331263267980610251",
"154070696187209746810672341621860282179",
"29358273819798901044955327876350372115",
"303395101341504222598207390591217822317",
"313454767841376224634286675241210428431",
"287061343837500287771387032489256023353",
"142103851895818989805276152044261276839",
"102243921965501156304027347410701275629",
"162610883514293771637610730148472690826",
"114975212925962633791762223934937599880",
"272879143918057264466504474331999430965",
"113527164020389351472254726476464797231",
"196266306533798557804225872360412629272",
"282745649002026583143270617724075631605",
"219415052305547252475768502827317305082",
"337759656446115835035328561982834845054",
"6174480674815779188630459385428239866",
"278774742762054142479654539375391260310",
"164589572204029079691621865732970429974"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"id": "ASB-A-428945391-48066754",
"source": "https://android.googlesource.com/platform/system/apex/+/b9c9fb3d71291fee7be9bd77b96f38c05dca3398",
"signature_version": "v1",
"target": {
"function": "TEST_F",
"file": "apexd/apexd_test.cpp"
},
"signature_type": "Function",
"digest": {
"function_hash": "255213190898107091193437316625706956132",
"length": 383.0
}
},
{
"deprecated": false,
"id": "ASB-A-428945391-4c5359f6",
"source": "https://android.googlesource.com/platform/system/apex/+/b9c9fb3d71291fee7be9bd77b96f38c05dca3398",
"signature_version": "v1",
"target": {
"file": "apexd/apexd.cpp"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"175917095348843160700424818166486520653",
"30425094193163543155963132339065551264",
"299251075908848645897139723645939297160",
"275730233787607256365024819872528287055",
"205824012699372239740774163840791275833",
"148118273040957037683679203715463304634",
"52108119062793506449817648475710431310",
"89436116488515070387007099259755383256",
"183696079466424190639803743696520507841",
"114477007463711046531956477069194721748",
"4020812786432045008653458036011727943",
"295481725748347345290013375034056990375"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"id": "ASB-A-428945391-c90a6a54",
"source": "https://android.googlesource.com/platform/system/apex/+/b9c9fb3d71291fee7be9bd77b96f38c05dca3398",
"signature_version": "v1",
"target": {
"function": "TEST_F",
"file": "apexd/apexd_test.cpp"
},
"signature_type": "Function",
"digest": {
"function_hash": "121278165439356723875710429288290633327",
"length": 312.0
}
}
]
}