ASB-A-459461121
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-459461121.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-459461121
- Aliases
-
- A-459461121
- CVE-2026-0023
- Published
- 2026-03-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"41902004838178996490532237465305865932",
"143238036581852945348745031987847346919",
"9317458107723232677728753784285036000",
"47305123069438675957799154737432430968"
]
},
"id": "ASB-A-459461121-56bad302",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/23ee35e8fd7d7fdc7e18f691ebf8335f663d1d83",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"length": 12730.0,
"function_hash": "171863339250464238922862419271589101398"
},
"id": "ASB-A-459461121-9c9c4658",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/23ee35e8fd7d7fdc7e18f691ebf8335f663d1d83",
"target": {
"function": "createSessionInternal",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/23ee35e8fd7d7fdc7e18f691ebf8335f663d1d83"
],
"types": [
"EoP"
],
"spl": "2026-03-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 11623.0,
"function_hash": "37796899677190441954866605501169629985"
},
"id": "ASB-A-459461121-99ee6467",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a1435a13275c31df38f90f0e2790723a3cb6177a",
"target": {
"function": "createSessionInternal",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"41902004838178996490532237465305865932",
"143238036581852945348745031987847346919",
"9317458107723232677728753784285036000",
"47305123069438675957799154737432430968"
]
},
"id": "ASB-A-459461121-b3204a5e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a1435a13275c31df38f90f0e2790723a3cb6177a",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a1435a13275c31df38f90f0e2790723a3cb6177a"
],
"types": [
"EoP"
],
"spl": "2026-03-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 11630.0,
"function_hash": "178650860070716730475537156274966284071"
},
"id": "ASB-A-459461121-5215247b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/990428772d4718853382ec4c5feda2b7bd6f923f",
"target": {
"function": "createSessionInternal",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"41902004838178996490532237465305865932",
"143238036581852945348745031987847346919",
"9317458107723232677728753784285036000",
"47305123069438675957799154737432430968"
]
},
"id": "ASB-A-459461121-97f77f06",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/990428772d4718853382ec4c5feda2b7bd6f923f",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/990428772d4718853382ec4c5feda2b7bd6f923f"
],
"types": [
"EoP"
],
"spl": "2026-03-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 12548.0,
"function_hash": "185727764426197639498552116118627145496"
},
"id": "ASB-A-459461121-0387c90b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/49cd29daecbe611bd30dd5869a67c59f3c86ba94",
"target": {
"function": "createSessionInternal",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"41902004838178996490532237465305865932",
"143238036581852945348745031987847346919",
"9317458107723232677728753784285036000",
"47305123069438675957799154737432430968"
]
},
"id": "ASB-A-459461121-db4fb67a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/49cd29daecbe611bd30dd5869a67c59f3c86ba94",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/49cd29daecbe611bd30dd5869a67c59f3c86ba94"
],
"types": [
"EoP"
],
"spl": "2026-03-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"316075140997206659299517416064537496267",
"146474244090829127741070617911961326164",
"9317458107723232677728753784285036000",
"47305123069438675957799154737432430968"
]
},
"id": "ASB-A-459461121-09545117",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc741f73d0dacc0f130deaf57a115354dda55723",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"length": 9943.0,
"function_hash": "77325677381202845080436043658672031542"
},
"id": "ASB-A-459461121-7d130486",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc741f73d0dacc0f130deaf57a115354dda55723",
"target": {
"function": "createSessionInternal",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/dc741f73d0dacc0f130deaf57a115354dda55723"
],
"types": [
"EoP"
],
"spl": "2026-03-01",
"severity": "High"
}