ASB-A-460779368

Import Source
https://storage.googleapis.com/android-osv/ASB-A-460779368.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-460779368
Aliases
  • A-460779368
  • CVE-2026-0055
Published
2026-06-01T00:00:00Z
Modified
2026-06-24T15:00:40.818157658Z
Summary
[none]
Details

In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Per the affected ranges listed below, each affected branch (14, 15, 16, 16-qpr2 and 17-next) is marked fixed at security patch level 2026-06-01.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
17-next:0
Fixed
17-next:2026-06-01

Affected versions

Other
17-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/fe2d4eb0555ab2f1ea812d2b12e0a1548edea2e7"
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "254972440605461210426826536669638236202",
                    "167893991033820611825204082068731878774",
                    "232125048972906336622550170191555660809",
                    "117029669476753100572255137914406469982"
                ]
            },
            "id": "ASB-A-460779368-0d2fa5b1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fe2d4eb0555ab2f1ea812d2b12e0a1548edea2e7",
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            }
        },
        {
            "signature_version": "v1",
            "id": "ASB-A-460779368-43fc027a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fe2d4eb0555ab2f1ea812d2b12e0a1548edea2e7",
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "createSessionInternal"
            },
            "digest": {
                "length": 12548.0,
                "function_hash": "185727764426197639498552116118627145496"
            }
        }
    ],
    "spl": "2026-06-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-460779368.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15:0
Fixed
15:2026-06-01

Affected versions

Other
15

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/43f1b833e3521a506f55a608d971da3a06123043"
    ],
    "severity": "High",
    "vanir_signatures": [
        {
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            },
            "id": "ASB-A-460779368-367e3097",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43f1b833e3521a506f55a608d971da3a06123043",
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "254972440605461210426826536669638236202",
                    "167893991033820611825204082068731878774",
                    "232125048972906336622550170191555660809",
                    "117029669476753100572255137914406469982"
                ]
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "length": 11705.0,
                "function_hash": "114297757959919742379137534179002051566"
            },
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43f1b833e3521a506f55a608d971da3a06123043",
            "id": "ASB-A-460779368-fbe22706",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "createSessionInternal"
            }
        }
    ],
    "spl": "2026-06-01",
    "types": [
        "EoP"
    ]
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-460779368.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16:0
Fixed
16:2026-06-01

Affected versions

Other
16

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/f10d91c07960e69b9d89f557a84e780c985d4178"
    ],
    "severity": "High",
    "vanir_signatures": [
        {
            "digest": {
                "length": 11712.0,
                "function_hash": "23736031519892428315727038758685826115"
            },
            "id": "ASB-A-460779368-1fc2cb84",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f10d91c07960e69b9d89f557a84e780c985d4178",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "createSessionInternal"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "254972440605461210426826536669638236202",
                    "167893991033820611825204082068731878774",
                    "232125048972906336622550170191555660809",
                    "117029669476753100572255137914406469982"
                ]
            },
            "id": "ASB-A-460779368-46ccea7e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f10d91c07960e69b9d89f557a84e780c985d4178",
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            }
        }
    ],
    "spl": "2026-06-01",
    "types": [
        "EoP"
    ]
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-460779368.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16-qpr2:0
Fixed
16-qpr2:2026-06-01

Affected versions

Other
16-qpr2

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e8a25baeb30aaec64e80f1c7e55a44b1a93e9337"
    ],
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "254972440605461210426826536669638236202",
                    "167893991033820611825204082068731878774",
                    "232125048972906336622550170191555660809",
                    "117029669476753100572255137914406469982"
                ]
            },
            "id": "ASB-A-460779368-04fbc21a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e8a25baeb30aaec64e80f1c7e55a44b1a93e9337",
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            }
        },
        {
            "signature_version": "v1",
            "id": "ASB-A-460779368-537f9e9e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e8a25baeb30aaec64e80f1c7e55a44b1a93e9337",
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "createSessionInternal"
            },
            "digest": {
                "length": 12630.0,
                "function_hash": "209062086188655214902542174846261069862"
            }
        }
    ],
    "spl": "2026-06-01"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-460779368.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2026-06-01

Affected versions

Other
14

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/5dc8ec833691c2e2d61ea6ef90b7858c78a64e3e"
    ],
    "severity": "High",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "id": "ASB-A-460779368-cf54648e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5dc8ec833691c2e2d61ea6ef90b7858c78a64e3e",
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "254972440605461210426826536669638236202",
                    "167893991033820611825204082068731878774",
                    "232125048972906336622550170191555660809",
                    "117029669476753100572255137914406469982"
                ]
            }
        },
        {
            "signature_version": "v1",
            "id": "ASB-A-460779368-db7496e1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5dc8ec833691c2e2d61ea6ef90b7858c78a64e3e",
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "createSessionInternal"
            },
            "digest": {
                "length": 10025.0,
                "function_hash": "91625058542454682175703424736644065853"
            }
        }
    ],
    "spl": "2026-06-01",
    "types": [
        "EoP"
    ]
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-460779368.json"