ASB-A-460933604
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-460933604.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-460933604
- Aliases
-
- A-460933604
- CVE-2026-0016
- Published
- 2026-06-01T00:00:00Z
- Modified
- 2026-06-25T15:18:14.132838247Z
- Summary
- [none]
- Details
-
In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a631806c7aef2d0adf40793883957956aaada357"
],
"severity": "High",
"types": [
"ID"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"target": {
"file": "services/credentials/java/com/android/server/credentials/CredentialManagerService.java"
},
"id": "ASB-A-460933604-0427ac15",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a631806c7aef2d0adf40793883957956aaada357",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"236757797298643586277567079489527692433",
"260400859541391930397799917262971480305",
"89796163820097067758905871865778352977",
"152470181634356134627737138537383340738",
"19337287797833759647307589339832905124",
"26261039252615956348419202102995204716",
"40656838338137506166043175060196105359",
"203996167164111863555529920133933214782",
"33185206605665109979423100066898173404",
"165686225044220713529576350913828951629",
"335057009792386384466136480693084522621",
"205890249286301262013717503706130497784",
"238686073049658378032961040442748498945",
"68799971003637895160595676149811163745",
"98800465716778407554145470769434258469",
"297939398198302139966976124503099166615",
"244684080444139417345540975757663496257",
"65670089475461021476906667660325210385",
"339607428233238850237374646557154643291",
"217431951705329233002013900317071296733",
"100169523158442018145175155576939804633",
"275161592794845742554827089389965258716",
"45597638232354367525610921186700034828",
"39841570399783724898653025584690605558",
"27100486196900892471356722060236511558",
"244912167370129635279597947671894268558",
"218549456482241477253132316775158941870"
]
},
"signature_version": "v1"
},
{
"digest": {
"length": 252.0,
"function_hash": "292971561053830502429299222423501722906"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a631806c7aef2d0adf40793883957956aaada357",
"id": "ASB-A-460933604-0c8385f0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/infra/AbstractMasterSystemService.java",
"function": "removeInvalidCachedServicesLocked"
}
},
{
"target": {
"file": "services/credentials/java/com/android/server/credentials/CredentialManagerService.java",
"function": "updateProvidersWhenServiceRemoved"
},
"id": "ASB-A-460933604-61fdc99e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a631806c7aef2d0adf40793883957956aaada357",
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1224.0,
"function_hash": "74419033187255781104100432760116064829"
},
"signature_version": "v1"
},
{
"signature_version": "v1",
"id": "ASB-A-460933604-f63334c0",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a631806c7aef2d0adf40793883957956aaada357",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/infra/AbstractMasterSystemService.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"231003889080206413797443448172764758858",
"117066040151103728792130533856058562185",
"148201188374718905640009909042790610070",
"146396725481014504161548083299177762175",
"200303445894465411110734461672330751593"
]
}
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8458cfc84b460c37a9936f40f80dc960419b51b6",
"https://android.googlesource.com/platform/frameworks/base/+/67619d9eb580710bc82a2bbf95677d41476c6bef"
],
"severity": "High",
"types": [
"ID"
],
"spl": "2026-06-01",
"vanir_signatures": [
{
"signature_version": "v1",
"id": "ASB-A-460933604-2198582f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8458cfc84b460c37a9936f40f80dc960419b51b6",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "services/credentials/java/com/android/server/credentials/CredentialManagerService.java",
"function": "updateProvidersWhenServiceRemoved"
},
"digest": {
"length": 1224.0,
"function_hash": "74419033187255781104100432760116064829"
}
},
{
"target": {
"file": "services/core/java/com/android/server/infra/AbstractMasterSystemService.java"
},
"id": "ASB-A-460933604-afd882d6",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8458cfc84b460c37a9936f40f80dc960419b51b6",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"231003889080206413797443448172764758858",
"117066040151103728792130533856058562185",
"148201188374718905640009909042790610070",
"146396725481014504161548083299177762175",
"200303445894465411110734461672330751593"
]
},
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/infra/AbstractMasterSystemService.java",
"function": "removeInvalidCachedServicesLocked"
},
"id": "ASB-A-460933604-e2834c21",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8458cfc84b460c37a9936f40f80dc960419b51b6",
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 252.0,
"function_hash": "292971561053830502429299222423501722906"
},
"signature_version": "v1"
},
{
"signature_version": "v1",
"id": "ASB-A-460933604-febaffa7",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8458cfc84b460c37a9936f40f80dc960419b51b6",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "services/credentials/java/com/android/server/credentials/CredentialManagerService.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"40656838338137506166043175060196105359",
"203996167164111863555529920133933214782",
"33185206605665109979423100066898173404",
"165686225044220713529576350913828951629",
"335057009792386384466136480693084522621",
"98800465716778407554145470769434258469",
"297939398198302139966976124503099166615",
"244684080444139417345540975757663496257",
"65670089475461021476906667660325210385",
"339607428233238850237374646557154643291",
"275161592794845742554827089389965258716",
"45597638232354367525610921186700034828",
"39841570399783724898653025584690605558",
"27100486196900892471356722060236511558"
]
}
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2026-06-01",
"types": [
"ID"
],
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"203996167164111863555529920133933214782",
"33185206605665109979423100066898173404",
"165686225044220713529576350913828951629",
"335057009792386384466136480693084522621",
"68799971003637895160595676149811163745",
"98800465716778407554145470769434258469",
"297939398198302139966976124503099166615",
"244684080444139417345540975757663496257",
"65670089475461021476906667660325210385",
"339607428233238850237374646557154643291",
"275161592794845742554827089389965258716",
"45597638232354367525610921186700034828",
"39841570399783724898653025584690605558",
"27100486196900892471356722060236511558"
]
},
"id": "ASB-A-460933604-65bf59e4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ce3708dbb0316d93ebb441f416d3cd1945f7221c",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/credentials/java/com/android/server/credentials/CredentialManagerService.java"
}
},
{
"signature_version": "v1",
"id": "ASB-A-460933604-73b68a7a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ce3708dbb0316d93ebb441f416d3cd1945f7221c",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/infra/AbstractMasterSystemService.java",
"function": "removeInvalidCachedServicesLocked"
},
"digest": {
"length": 252.0,
"function_hash": "292971561053830502429299222423501722906"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"231003889080206413797443448172764758858",
"117066040151103728792130533856058562185",
"148201188374718905640009909042790610070",
"146396725481014504161548083299177762175",
"200303445894465411110734461672330751593"
]
},
"id": "ASB-A-460933604-aff997d4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ce3708dbb0316d93ebb441f416d3cd1945f7221c",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/infra/AbstractMasterSystemService.java"
}
},
{
"target": {
"file": "services/credentials/java/com/android/server/credentials/CredentialManagerService.java",
"function": "updateProvidersWhenServiceRemoved"
},
"id": "ASB-A-460933604-bffd0aea",
"source": "https://android.googlesource.com/platform/frameworks/base/+/ce3708dbb0316d93ebb441f416d3cd1945f7221c",
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1224.0,
"function_hash": "74419033187255781104100432760116064829"
},
"signature_version": "v1"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/ce3708dbb0316d93ebb441f416d3cd1945f7221c",
"https://android.googlesource.com/platform/frameworks/base/+/509569d8352076426523cd7c01891880c0a90307"
]
}