In multiple locations, a tapjacking/overlay attack can trick a user into accepting a permission. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The records that follow list the fix commits and the Vanir signatures for the affected picture-in-picture code in RootWindowContainer.java and PipTransition.java.
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-12-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3b93cc4b524cc9448b95b3d9f675de92c02dbf2e",
"https://android.googlesource.com/platform/frameworks/base/+/14855406edca11c5c31fda254aa69a31a1e0ce30"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "notifyActivityPipModeChanged",
"file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
},
"digest": {
"function_hash": "269355651945343595197839068460635173500",
"length": 408.0
},
"id": "ASB-A-436270922-1b451ead",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3b93cc4b524cc9448b95b3d9f675de92c02dbf2e",
"signature_version": "v1"
},
{
"signature_type": "Line",
"id": "ASB-A-436270922-2063fdf3",
"signature_version": "v1",
"deprecated": false,
"match_only_versions": [
"16-qpr2-next"
],
"digest": {
"line_hashes": [
"45269193718133096038878864473633241749",
"206492354869348673981360359428897550878",
"170507810833751271277044883124400425693"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/14855406edca11c5c31fda254aa69a31a1e0ce30",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip2/phone/PipTransition.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
},
"digest": {
"line_hashes": [
"336128329414041485986785255850020134500",
"98746842833269232625286632026646747239",
"135831473560971872199272490872388670048",
"181969565180608064734092194822490968042",
"64258122971730289070552315897742036470",
"10679521965982889797257418100013007925",
"209286122155663749117684017571276974824",
"325172720954672710133451867413646258794",
"193561856278356899081136415864671572432",
"25366311734093193200365497717914830895",
"39115753259643863982849258164232459802"
],
"threshold": 0.9
},
"id": "ASB-A-436270922-4334f258",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3b93cc4b524cc9448b95b3d9f675de92c02dbf2e",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
},
"digest": {
"line_hashes": [
"86821652810729998457853978565073637584",
"171709855734297732412454876107829838571",
"223606371554482717259896023003373584734",
"202474807253581810443519112026049002960",
"164160144152695512777835565013146156813",
"214747920891350396742533930455975626802",
"335689480049552677066318057960370594042",
"309806977546281634943598961424576444127",
"5189011044936290452050350654056291661",
"58959286261397950994563372920528278728",
"187020830031330811808011884886701070846"
],
"threshold": 0.9
},
"id": "ASB-A-436270922-73957961",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3b93cc4b524cc9448b95b3d9f675de92c02dbf2e",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "startAnimation",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip2/phone/PipTransition.java"
},
"digest": {
"function_hash": "37138397101098744028833508653506122862",
"length": 2288.0
},
"id": "ASB-A-436270922-da02464c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/14855406edca11c5c31fda254aa69a31a1e0ce30",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "onFinishResize",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
},
"digest": {
"function_hash": "142207781644685433243381974982607573514",
"length": 2711.0
},
"id": "ASB-A-436270922-e9bd8d7f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3b93cc4b524cc9448b95b3d9f675de92c02dbf2e",
"signature_version": "v1"
}
]
}
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-12-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8a84266ada6944eff7e5c73bdee3caefda364bf3"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
},
"digest": {
"line_hashes": [
"336128329414041485986785255850020134500",
"98746842833269232625286632026646747239",
"135831473560971872199272490872388670048",
"181969565180608064734092194822490968042",
"64258122971730289070552315897742036470",
"10679521965982889797257418100013007925",
"209286122155663749117684017571276974824",
"325172720954672710133451867413646258794",
"193561856278356899081136415864671572432",
"25366311734093193200365497717914830895",
"39115753259643863982849258164232459802"
],
"threshold": 0.9
},
"id": "ASB-A-436270922-39420ab9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8a84266ada6944eff7e5c73bdee3caefda364bf3",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
},
"digest": {
"line_hashes": [
"325238723818591138230746093925030823060",
"11468906281860857246420380433838332081",
"223606371554482717259896023003373584734",
"202474807253581810443519112026049002960",
"208232867089415725152232765778604265836",
"83198230257777703797970114132038691945",
"180106765281153805190498535982322501001",
"312342585698781370468703070961435147610",
"58959286261397950994563372920528278728",
"187020830031330811808011884886701070846"
],
"threshold": 0.9
},
"id": "ASB-A-436270922-3c6349f0",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8a84266ada6944eff7e5c73bdee3caefda364bf3",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "notifyActivityPipModeChanged",
"file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
},
"digest": {
"function_hash": "269355651945343595197839068460635173500",
"length": 408.0
},
"id": "ASB-A-436270922-befde376",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8a84266ada6944eff7e5c73bdee3caefda364bf3",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "onFinishResize",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
},
"digest": {
"function_hash": "263954588701517194190808501073468744114",
"length": 2443.0
},
"id": "ASB-A-436270922-d8a11b8a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8a84266ada6944eff7e5c73bdee3caefda364bf3",
"signature_version": "v1"
}
]
}
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-12-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/492b6ca4f31e79d9fced383a59957234aef8f8dc"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
},
"digest": {
"line_hashes": [
"86821652810729998457853978565073637584",
"171709855734297732412454876107829838571",
"223606371554482717259896023003373584734",
"202474807253581810443519112026049002960",
"164160144152695512777835565013146156813",
"214747920891350396742533930455975626802",
"335689480049552677066318057960370594042",
"309806977546281634943598961424576444127",
"5189011044936290452050350654056291661",
"58959286261397950994563372920528278728",
"187020830031330811808011884886701070846"
],
"threshold": 0.9
},
"id": "ASB-A-436270922-093e600e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/492b6ca4f31e79d9fced383a59957234aef8f8dc",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "notifyActivityPipModeChanged",
"file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
},
"digest": {
"function_hash": "269355651945343595197839068460635173500",
"length": 408.0
},
"id": "ASB-A-436270922-21d732b3",
"source": "https://android.googlesource.com/platform/frameworks/base/+/492b6ca4f31e79d9fced383a59957234aef8f8dc",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
},
"digest": {
"line_hashes": [
"336128329414041485986785255850020134500",
"98746842833269232625286632026646747239",
"135831473560971872199272490872388670048",
"181969565180608064734092194822490968042",
"64258122971730289070552315897742036470",
"10679521965982889797257418100013007925",
"209286122155663749117684017571276974824",
"325172720954672710133451867413646258794",
"193561856278356899081136415864671572432",
"25366311734093193200365497717914830895",
"39115753259643863982849258164232459802"
],
"threshold": 0.9
},
"id": "ASB-A-436270922-6abe3427",
"source": "https://android.googlesource.com/platform/frameworks/base/+/492b6ca4f31e79d9fced383a59957234aef8f8dc",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "onFinishResize",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
},
"digest": {
"function_hash": "142207781644685433243381974982607573514",
"length": 2711.0
},
"id": "ASB-A-436270922-fad25ddd",
"source": "https://android.googlesource.com/platform/frameworks/base/+/492b6ca4f31e79d9fced383a59957234aef8f8dc",
"signature_version": "v1"
}
]
}
{
"severity": "High",
"types": [
"EoP"
],
"spl": "2025-12-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0133713fb2684414f6bc8013c1da8753721281a5"
],
"vanir_signatures": [
{
"signature_type": "Function",
"id": "ASB-A-436270922-44509d31",
"signature_version": "v1",
"deprecated": false,
"match_only_versions": [
"14"
],
"digest": {
"function_hash": "202453949181807330055068513652009895444",
"length": 368.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0133713fb2684414f6bc8013c1da8753721281a5",
"target": {
"function": "notifyActivityPipModeChanged",
"file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
},
"digest": {
"line_hashes": [
"325238723818591138230746093925030823060",
"11468906281860857246420380433838332081",
"223606371554482717259896023003373584734",
"202474807253581810443519112026049002960",
"208232867089415725152232765778604265836",
"83198230257777703797970114132038691945",
"180106765281153805190498535982322501001",
"312342585698781370468703070961435147610",
"58959286261397950994563372920528278728",
"274271080951936779992325168467118112429"
],
"threshold": 0.9
},
"id": "ASB-A-436270922-717e7b8f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0133713fb2684414f6bc8013c1da8753721281a5",
"signature_version": "v1"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "onFinishResize",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
},
"digest": {
"function_hash": "279650020036421659054114654503913821380",
"length": 1717.0
},
"id": "ASB-A-436270922-9afee58d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0133713fb2684414f6bc8013c1da8753721281a5",
"signature_version": "v1"
},
{
"signature_type": "Line",
"id": "ASB-A-436270922-f0f143b1",
"signature_version": "v1",
"deprecated": false,
"match_only_versions": [
"14"
],
"digest": {
"line_hashes": [
"336128329414041485986785255850020134500",
"98746842833269232625286632026646747239",
"135831473560971872199272490872388670048",
"215833453547536518502281781583930079882",
"166030460925734169630915997536057336442",
"299637781764851204431773791829786640460",
"325172720954672710133451867413646258794",
"315073648038566226938144418853880936637",
"221578477654262899328120638092141255070"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0133713fb2684414f6bc8013c1da8753721281a5",
"target": {
"file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
}
}
]
}