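In Parcel::appendFrom (libs/binder/Parcel.cpp), there is a possible out-of-bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The JSON records below carry the Vanir line-level and function-level signatures for this issue (signature ids prefixed ASB-A-438098181), each tied to a fix commit in platform/frameworks/native and listed under security patch level 2025-12-01.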
{
"spl": "2025-12-01",
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"226620226467265667884944882136950941139",
"194680325870090258928847415399434156022",
"227303961434911064723463816536823782131",
"111872119573103270601884493566886103275"
]
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/ab883e120ae18ef93a4c6f17c05a14218da5118e",
"id": "ASB-A-438098181-503a4db6",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"function_hash": "19595452012605691291254102540303697331",
"length": 6458.0
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/ab883e120ae18ef93a4c6f17c05a14218da5118e",
"id": "ASB-A-438098181-cbe4ff23",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp",
"function": "Parcel::appendFrom"
},
"signature_type": "Function",
"signature_version": "v1"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/ab883e120ae18ef93a4c6f17c05a14218da5118e"
],
"severity": "High"
}{
"spl": "2025-12-01",
"vanir_signatures": [
{
"digest": {
"function_hash": "271858957017686624175316698069222142212",
"length": 4549.0
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/020d869e99b02a08a7aa695a391f6f9bb20fa386",
"id": "ASB-A-438098181-3036be20",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp",
"function": "Parcel::appendFrom"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"226620226467265667884944882136950941139",
"194680325870090258928847415399434156022",
"227303961434911064723463816536823782131",
"111872119573103270601884493566886103275"
]
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/020d869e99b02a08a7aa695a391f6f9bb20fa386",
"id": "ASB-A-438098181-73a607f3",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp"
},
"signature_type": "Line",
"signature_version": "v1"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/020d869e99b02a08a7aa695a391f6f9bb20fa386"
],
"severity": "High"
}{
"spl": "2025-12-01",
"vanir_signatures": [
{
"digest": {
"function_hash": "280784413281234592702272574840347455828",
"length": 4581.0
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/48ab33eba1eff4afc1c2d72dea846680f70efad2",
"id": "ASB-A-438098181-9fa41562",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp",
"function": "Parcel::appendFrom"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"226620226467265667884944882136950941139",
"194680325870090258928847415399434156022",
"227303961434911064723463816536823782131",
"111872119573103270601884493566886103275"
]
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/48ab33eba1eff4afc1c2d72dea846680f70efad2",
"id": "ASB-A-438098181-e5136aa6",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp"
},
"signature_type": "Line",
"signature_version": "v1"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/48ab33eba1eff4afc1c2d72dea846680f70efad2"
],
"severity": "High"
}{
"spl": "2025-12-01",
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"226620226467265667884944882136950941139",
"194680325870090258928847415399434156022",
"200947130444670339930626986492983268167",
"130833822954436315010124867936197120994"
]
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e",
"id": "ASB-A-438098181-7bcbd13f",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"function_hash": "53284757897949183346785532162040992162",
"length": 2359.0
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e",
"id": "ASB-A-438098181-b09b7780",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp",
"function": "Parcel::appendFrom"
},
"signature_type": "Function",
"signature_version": "v1"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e"
],
"severity": "High"
}{
"spl": "2025-12-01",
"vanir_signatures": [
{
"digest": {
"function_hash": "53284757897949183346785532162040992162",
"length": 2359.0
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e",
"id": "ASB-A-438098181-26500b1d",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp",
"function": "Parcel::appendFrom"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"226620226467265667884944882136950941139",
"194680325870090258928847415399434156022",
"200947130444670339930626986492983268167",
"130833822954436315010124867936197120994"
]
},
"source": "https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e",
"id": "ASB-A-438098181-f8b96a83",
"deprecated": false,
"target": {
"file": "libs/binder/Parcel.cpp"
},
"signature_type": "Line",
"signature_version": "v1"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/e091f1ccd6171835fc8258ffe21cf3fd3ab79f7e"
],
"severity": "High"
}