ASB-A-433251166

Import Source
https://storage.googleapis.com/android-osv/ASB-A-433251166.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-433251166
Aliases
Published
2026-03-01T00:00:00Z
Modified
2026-04-14T15:05:17.852631Z
Summary
[none]
Details

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2-next:0
Fixed
16-qpr2-next:2026-03-01

Affected versions

Other
16-qpr2-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/03b9ecf49d11630d5992da30265fb03621846ce1"
    ],
    "vanir_signatures": [
        {
            "match_only_versions": [
                "16-qpr2-next"
            ],
            "target": {
                "file": "libs/gui/WindowInfo.cpp"
            },
            "digest": {
                "line_hashes": [
                    "11968114377855659063378960728208100753",
                    "305124388906133541940712074515890443530",
                    "318958507213923030039908357102476088956",
                    "313060144513310184883407558215823407297",
                    "219552857511252441948800965910285988086",
                    "340061046736469676612529618721038314221",
                    "181226440056422328338090035981296325394"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "ASB-A-433251166-0e904e3b",
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/03b9ecf49d11630d5992da30265fb03621846ce1"
        },
        {
            "match_only_versions": [
                "16-qpr2-next"
            ],
            "target": {
                "function": "WindowInfo::writeToParcel",
                "file": "libs/gui/WindowInfo.cpp"
            },
            "digest": {
                "function_hash": "275979120619071444917290488762406076730",
                "length": 1900.0
            },
            "signature_version": "v1",
            "id": "ASB-A-433251166-7dd261d7",
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/03b9ecf49d11630d5992da30265fb03621846ce1"
        }
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "spl": "2026-03-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-433251166.json"
platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2026-03-01

Affected versions

Other
15

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/de1b131c0806f16f7ad76b42244ea207ccc64cbc"
    ],
    "vanir_signatures": [
        {
            "id": "ASB-A-433251166-36f40c5b",
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "function_hash": "114624152261741290800350092301065489318",
                "length": 1981.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/de1b131c0806f16f7ad76b42244ea207ccc64cbc",
            "target": {
                "function": "WindowInfo::writeToParcel",
                "file": "libs/gui/WindowInfo.cpp"
            },
            "deprecated": false
        },
        {
            "match_only_versions": [
                "15"
            ],
            "target": {
                "file": "libs/gui/WindowInfo.cpp"
            },
            "digest": {
                "line_hashes": [
                    "11968114377855659063378960728208100753",
                    "305124388906133541940712074515890443530",
                    "318958507213923030039908357102476088956",
                    "313060144513310184883407558215823407297",
                    "219552857511252441948800965910285988086",
                    "340061046736469676612529618721038314221",
                    "181226440056422328338090035981296325394"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "ASB-A-433251166-b8d85a76",
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/de1b131c0806f16f7ad76b42244ea207ccc64cbc"
        }
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "spl": "2026-03-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-433251166.json"
platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2026-03-01

Affected versions

Other
16

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/1d4bb5d8bef543769e3fef7d4f4bc720696cd7cd"
    ],
    "vanir_signatures": [
        {
            "match_only_versions": [
                "16"
            ],
            "target": {
                "function": "WindowInfo::writeToParcel",
                "file": "libs/gui/WindowInfo.cpp"
            },
            "digest": {
                "function_hash": "275979120619071444917290488762406076730",
                "length": 1900.0
            },
            "signature_version": "v1",
            "id": "ASB-A-433251166-74606f83",
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/1d4bb5d8bef543769e3fef7d4f4bc720696cd7cd"
        },
        {
            "match_only_versions": [
                "16"
            ],
            "target": {
                "file": "libs/gui/WindowInfo.cpp"
            },
            "digest": {
                "line_hashes": [
                    "11968114377855659063378960728208100753",
                    "305124388906133541940712074515890443530",
                    "318958507213923030039908357102476088956",
                    "313060144513310184883407558215823407297",
                    "219552857511252441948800965910285988086",
                    "340061046736469676612529618721038314221",
                    "181226440056422328338090035981296325394"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "ASB-A-433251166-eaef952b",
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/1d4bb5d8bef543769e3fef7d4f4bc720696cd7cd"
        }
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "spl": "2026-03-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-433251166.json"
platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2026-03-01

Affected versions

Other
14

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/9c7fcd60b64e4fb0e29ef10dd26acdc92081bbd9"
    ],
    "vanir_signatures": [
        {
            "id": "ASB-A-433251166-e892c58d",
            "signature_version": "v1",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "258512655259737954363327915207554126316",
                    "299355640196846537115011525305231893888",
                    "322748327824787907063795388556363262506",
                    "313060144513310184883407558215823407297",
                    "219552857511252441948800965910285988086",
                    "340061046736469676612529618721038314221",
                    "181226440056422328338090035981296325394"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/9c7fcd60b64e4fb0e29ef10dd26acdc92081bbd9",
            "target": {
                "file": "libs/gui/WindowInfo.cpp"
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-433251166-eaef387f",
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "function_hash": "301837789919764440613752627139208173597",
                "length": 1825.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/9c7fcd60b64e4fb0e29ef10dd26acdc92081bbd9",
            "target": {
                "function": "WindowInfo::writeToParcel",
                "file": "libs/gui/WindowInfo.cpp"
            },
            "deprecated": false
        }
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "spl": "2026-03-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-433251166.json"