ASB-A-452010556
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-452010556.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-452010556
- Aliases
-
- A-452010556
- CVE-2026-0061
- Published
- 2026-06-01T00:00:00Z
- Modified
- 2026-06-29T16:19:56.847794780Z
- Summary
- [none]
- Details
-
In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe"
],
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"length": 678.0,
"function_hash": "219547898696826789866437462920609420287"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe",
"signature_type": "Function",
"id": "ASB-A-452010556-cb85155d",
"target": {
"function": "checkPolicyVisibilityChange",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 1263.0,
"function_hash": "138155818687340239248084879561883814677"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe",
"signature_type": "Function",
"id": "ASB-A-452010556-cbcb4ac4",
"target": {
"function": "show",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"132273760158267097983055288787745018694",
"47474440456811787385441026627601259867",
"242470691432714548066435559718828354906",
"56253570038693443920346756364922371372",
"165124606163499328616044586147998878597",
"156262576093604747735016125120236669588",
"192755441024916862262803870834814989812",
"327426287910549702753734403691805186519",
"121307267217890474450687958466294167117",
"124008452490842615502247265697895910966",
"166910566218191803577508002129885722568",
"203909322426140432772460716763774854065"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe",
"signature_type": "Line",
"id": "ASB-A-452010556-d3cc0b9d",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 977.0,
"function_hash": "159025997728744761787732655721851653361"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe",
"signature_type": "Function",
"id": "ASB-A-452010556-fb17d557",
"target": {
"function": "hide",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
}
],
"spl": "2026-06-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43"
],
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"length": 861.0,
"function_hash": "142158782823989243623119978438196278745"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43",
"signature_type": "Function",
"id": "ASB-A-452010556-0614470d",
"target": {
"function": "hide",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"132273760158267097983055288787745018694",
"47474440456811787385441026627601259867",
"242470691432714548066435559718828354906",
"56253570038693443920346756364922371372",
"165124606163499328616044586147998878597",
"156262576093604747735016125120236669588",
"192755441024916862262803870834814989812",
"327426287910549702753734403691805186519",
"121307267217890474450687958466294167117",
"124008452490842615502247265697895910966",
"324428782986657472512410250713071903874",
"308282977652990622579472355143846589277"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43",
"signature_type": "Line",
"id": "ASB-A-452010556-2e2f8729",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 678.0,
"function_hash": "219547898696826789866437462920609420287"
},
"target": {
"function": "checkPolicyVisibilityChange",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43",
"signature_type": "Function",
"id": "ASB-A-452010556-542f0e18",
"deprecated": false
},
{
"signature_version": "v1",
"digest": {
"length": 1073.0,
"function_hash": "295990930738223302744833455286679802854"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43",
"signature_type": "Function",
"id": "ASB-A-452010556-d36fee16",
"target": {
"function": "show",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
}
],
"spl": "2026-06-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63"
],
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"length": 678.0,
"function_hash": "219547898696826789866437462920609420287"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63",
"signature_type": "Function",
"id": "ASB-A-452010556-4d57f745",
"target": {
"function": "checkPolicyVisibilityChange",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"132273760158267097983055288787745018694",
"47474440456811787385441026627601259867",
"242470691432714548066435559718828354906",
"56253570038693443920346756364922371372",
"165124606163499328616044586147998878597",
"156262576093604747735016125120236669588",
"192755441024916862262803870834814989812",
"327426287910549702753734403691805186519",
"121307267217890474450687958466294167117",
"124008452490842615502247265697895910966",
"324428782986657472512410250713071903874",
"308282977652990622579472355143846589277"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63",
"signature_type": "Line",
"id": "ASB-A-452010556-7d02ecf6",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 1073.0,
"function_hash": "295990930738223302744833455286679802854"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63",
"signature_type": "Function",
"id": "ASB-A-452010556-89986394",
"target": {
"function": "show",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 861.0,
"function_hash": "142158782823989243623119978438196278745"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63",
"signature_type": "Function",
"id": "ASB-A-452010556-f3bd14c2",
"target": {
"function": "hide",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
}
],
"spl": "2026-06-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71"
],
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"length": 1209.0,
"function_hash": "8161235701582556819583907762950175376"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71",
"signature_type": "Function",
"id": "ASB-A-452010556-5e4e82a0",
"target": {
"function": "show",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 977.0,
"function_hash": "159025997728744761787732655721851653361"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71",
"signature_type": "Function",
"id": "ASB-A-452010556-5f240f95",
"target": {
"function": "hide",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"132273760158267097983055288787745018694",
"47474440456811787385441026627601259867",
"242470691432714548066435559718828354906",
"56253570038693443920346756364922371372",
"165124606163499328616044586147998878597",
"156262576093604747735016125120236669588",
"192755441024916862262803870834814989812",
"327426287910549702753734403691805186519",
"121307267217890474450687958466294167117",
"124008452490842615502247265697895910966",
"166910566218191803577508002129885722568",
"203909322426140432772460716763774854065"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71",
"signature_type": "Line",
"id": "ASB-A-452010556-697d3d98",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 678.0,
"function_hash": "219547898696826789866437462920609420287"
},
"target": {
"function": "checkPolicyVisibilityChange",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71",
"signature_type": "Function",
"id": "ASB-A-452010556-ba3acbc3",
"deprecated": false
}
],
"spl": "2026-06-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2026-06-01",
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b"
],
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"length": 678.0,
"function_hash": "219547898696826789866437462920609420287"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b",
"signature_type": "Function",
"id": "ASB-A-452010556-39caf7e4",
"target": {
"function": "checkPolicyVisibilityChange",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 1073.0,
"function_hash": "295990930738223302744833455286679802854"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b",
"signature_type": "Function",
"id": "ASB-A-452010556-4247b1ca",
"target": {
"function": "show",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"189797230159533773981665047340823514841",
"29852250565518537273863339087482042728",
"177333664150954540924630996645953050901",
"260092212136069913281304572642024478635",
"165124606163499328616044586147998878597",
"156262576093604747735016125120236669588",
"192755441024916862262803870834814989812",
"327426287910549702753734403691805186519",
"121307267217890474450687958466294167117",
"124008452490842615502247265697895910966",
"324428782986657472512410250713071903874",
"308282977652990622579472355143846589277"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b",
"signature_type": "Line",
"id": "ASB-A-452010556-97783533",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
},
{
"signature_version": "v1",
"digest": {
"length": 861.0,
"function_hash": "142158782823989243623119978438196278745"
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b",
"signature_type": "Function",
"id": "ASB-A-452010556-af2902e5",
"target": {
"function": "hide",
"file": "services/core/java/com/android/server/wm/WindowState.java"
}
}
],
"types": [
"EoP"
]
}