ASB-A-438098181

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-438098181.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-438098181

Aliases

A-438098181
CVE-2025-48596

Published

2025-12-01T00:00:00Z

Modified

2026-04-07T15:34:34.465012Z

Summary

[none]

Details

In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android

platform/frameworks/native

Package

Name: platform/frameworks/native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16-qpr2-next:0

Fixed

16-qpr2-next:2025-12-01

Affected versions

Other

16-qpr2-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/ab883e120ae18ef93a4c6f17c05a14218da5118e"
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "226620226467265667884944882136950941139",
                    "194680325870090258928847415399434156022",
                    "227303961434911064723463816536823782131",
                    "111872119573103270601884493566886103275"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/ab883e120ae18ef93a4c6f17c05a14218da5118e",
            "id": "ASB-A-438098181-503a4db6",
            "target": {
                "file": "libs/binder/Parcel.cpp"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "19595452012605691291254102540303697331",
                "length": 6458.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/ab883e120ae18ef93a4c6f17c05a14218da5118e",
            "id": "ASB-A-438098181-cbe4ff23",
            "target": {
                "file": "libs/binder/Parcel.cpp",
                "function": "Parcel::appendFrom"
            }
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-438098181.json"

platform/frameworks/native

Package

Name: platform/frameworks/native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15:0

Fixed

15:2025-12-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/020d869e99b02a08a7aa695a391f6f9bb20fa386"
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "271858957017686624175316698069222142212",
                "length": 4549.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/020d869e99b02a08a7aa695a391f6f9bb20fa386",
            "id": "ASB-A-438098181-3036be20",
            "target": {
                "file": "libs/binder/Parcel.cpp",
                "function": "Parcel::appendFrom"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "226620226467265667884944882136950941139",
                    "194680325870090258928847415399434156022",
                    "227303961434911064723463816536823782131",
                    "111872119573103270601884493566886103275"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/020d869e99b02a08a7aa695a391f6f9bb20fa386",
            "id": "ASB-A-438098181-73a607f3",
            "target": {
                "file": "libs/binder/Parcel.cpp"
            }
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-438098181.json"

platform/frameworks/native

Package

Name: platform/frameworks/native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16:0

Fixed

16:2025-12-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/48ab33eba1eff4afc1c2d72dea846680f70efad2"
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "280784413281234592702272574840347455828",
                "length": 4581.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/48ab33eba1eff4afc1c2d72dea846680f70efad2",
            "id": "ASB-A-438098181-9fa41562",
            "target": {
                "file": "libs/binder/Parcel.cpp",
                "function": "Parcel::appendFrom"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "226620226467265667884944882136950941139",
                    "194680325870090258928847415399434156022",
                    "227303961434911064723463816536823782131",
                    "111872119573103270601884493566886103275"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/48ab33eba1eff4afc1c2d72dea846680f70efad2",
            "id": "ASB-A-438098181-e5136aa6",
            "target": {
                "file": "libs/binder/Parcel.cpp"
            }
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-438098181.json"

platform/frameworks/native

Package

Name: platform/frameworks/native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2025-12-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e"
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "226620226467265667884944882136950941139",
                    "194680325870090258928847415399434156022",
                    "200947130444670339930626986492983268167",
                    "130833822954436315010124867936197120994"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e",
            "id": "ASB-A-438098181-7bcbd13f",
            "target": {
                "file": "libs/binder/Parcel.cpp"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "53284757897949183346785532162040992162",
                "length": 2359.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e",
            "id": "ASB-A-438098181-b09b7780",
            "target": {
                "file": "libs/binder/Parcel.cpp",
                "function": "Parcel::appendFrom"
            }
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-438098181.json"

platform/frameworks/native

Package

Name: platform/frameworks/native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14:0

Fixed

14:2025-12-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e"
    ],
    "spl": "2025-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "53284757897949183346785532162040992162",
                "length": 2359.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e",
            "id": "ASB-A-438098181-26500b1d",
            "target": {
                "file": "libs/binder/Parcel.cpp",
                "function": "Parcel::appendFrom"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "226620226467265667884944882136950941139",
                    "194680325870090258928847415399434156022",
                    "200947130444670339930626986492983268167",
                    "130833822954436315010124867936197120994"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e",
            "id": "ASB-A-438098181-f8b96a83",
            "target": {
                "file": "libs/binder/Parcel.cpp"
            }
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-438098181.json"