ASB-A-452010556

Import Source
https://storage.googleapis.com/android-osv/ASB-A-452010556.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-452010556
Aliases
  • A-452010556
  • CVE-2026-0061
Published
2026-06-01T00:00:00Z
Modified
2026-06-29T16:19:56.847794780Z
Summary
[none]
Details

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
17-next:0
Fixed
17-next:2026-06-01

Affected versions

Other
17-next

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "length": 678.0,
                "function_hash": "219547898696826789866437462920609420287"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe",
            "signature_type": "Function",
            "id": "ASB-A-452010556-cb85155d",
            "target": {
                "function": "checkPolicyVisibilityChange",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 1263.0,
                "function_hash": "138155818687340239248084879561883814677"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe",
            "signature_type": "Function",
            "id": "ASB-A-452010556-cbcb4ac4",
            "target": {
                "function": "show",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe",
            "signature_type": "Line",
            "id": "ASB-A-452010556-d3cc0b9d",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 977.0,
                "function_hash": "159025997728744761787732655721851653361"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/47589e30fe8bd9b8884758985bd23fb25b83a8fe",
            "signature_type": "Function",
            "id": "ASB-A-452010556-fb17d557",
            "target": {
                "function": "hide",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        }
    ],
    "spl": "2026-06-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-452010556.json"

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2026-06-01

Affected versions

Other
15

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "length": 861.0,
                "function_hash": "142158782823989243623119978438196278745"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43",
            "signature_type": "Function",
            "id": "ASB-A-452010556-0614470d",
            "target": {
                "function": "hide",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43",
            "signature_type": "Line",
            "id": "ASB-A-452010556-2e2f8729",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 678.0,
                "function_hash": "219547898696826789866437462920609420287"
            },
            "target": {
                "function": "checkPolicyVisibilityChange",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43",
            "signature_type": "Function",
            "id": "ASB-A-452010556-542f0e18",
            "deprecated": false
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 1073.0,
                "function_hash": "295990930738223302744833455286679802854"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/837d1ffa54b637de35558c87dae7d0c155721a43",
            "signature_type": "Function",
            "id": "ASB-A-452010556-d36fee16",
            "target": {
                "function": "show",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        }
    ],
    "spl": "2026-06-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-452010556.json"

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2026-06-01

Affected versions

Other
16

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "length": 678.0,
                "function_hash": "219547898696826789866437462920609420287"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63",
            "signature_type": "Function",
            "id": "ASB-A-452010556-4d57f745",
            "target": {
                "function": "checkPolicyVisibilityChange",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63",
            "signature_type": "Line",
            "id": "ASB-A-452010556-7d02ecf6",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 1073.0,
                "function_hash": "295990930738223302744833455286679802854"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63",
            "signature_type": "Function",
            "id": "ASB-A-452010556-89986394",
            "target": {
                "function": "show",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 861.0,
                "function_hash": "142158782823989243623119978438196278745"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/31f2c2486a1af6a3cea4403783978d6544e15d63",
            "signature_type": "Function",
            "id": "ASB-A-452010556-f3bd14c2",
            "target": {
                "function": "hide",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        }
    ],
    "spl": "2026-06-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-452010556.json"

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2:0
Fixed
16-qpr2:2026-06-01

Affected versions

Other
16-qpr2

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "length": 1209.0,
                "function_hash": "8161235701582556819583907762950175376"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71",
            "signature_type": "Function",
            "id": "ASB-A-452010556-5e4e82a0",
            "target": {
                "function": "show",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 977.0,
                "function_hash": "159025997728744761787732655721851653361"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71",
            "signature_type": "Function",
            "id": "ASB-A-452010556-5f240f95",
            "target": {
                "function": "hide",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71",
            "signature_type": "Line",
            "id": "ASB-A-452010556-697d3d98",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 678.0,
                "function_hash": "219547898696826789866437462920609420287"
            },
            "target": {
                "function": "checkPolicyVisibilityChange",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f94bab50c57d490c9d4597d0c077e7610200c71",
            "signature_type": "Function",
            "id": "ASB-A-452010556-ba3acbc3",
            "deprecated": false
        }
    ],
    "spl": "2026-06-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-452010556.json"

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2026-06-01

Affected versions

Other
14

Ecosystem specific

{
    "spl": "2026-06-01",
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "length": 678.0,
                "function_hash": "219547898696826789866437462920609420287"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b",
            "signature_type": "Function",
            "id": "ASB-A-452010556-39caf7e4",
            "target": {
                "function": "checkPolicyVisibilityChange",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 1073.0,
                "function_hash": "295990930738223302744833455286679802854"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b",
            "signature_type": "Function",
            "id": "ASB-A-452010556-4247b1ca",
            "target": {
                "function": "show",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b",
            "signature_type": "Line",
            "id": "ASB-A-452010556-97783533",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "length": 861.0,
                "function_hash": "142158782823989243623119978438196278745"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e58fd9cd11e400235ac480b4fba6a20f8161ff9b",
            "signature_type": "Function",
            "id": "ASB-A-452010556-af2902e5",
            "target": {
                "function": "hide",
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            }
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-452010556.json"