ASB-A-469080888

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-469080888.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-469080888

Aliases

A-469080888
CVE-2026-0073

Published

2026-05-01T00:00:00Z

Modified

2026-05-08T16:01:51.015999Z

Summary

[none]

Details

In adbdtlsverify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/2026-05-01

Affected packages

Android

platform/packages/modules/adb

Package

Name: platform/packages/modules/adb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16-qpr2-next:0

Fixed

16-qpr2-next:2026-05-01

Affected versions

Other

16-qpr2-next

Ecosystem specific

{
    "types": [
        "RCE"
    ],
    "vanir_signatures": [
        {
            "target": {
                "function": "adbd_tls_verify_cert",
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "203504448004128309444519572875803334604",
                "length": 1396.0
            },
            "id": "ASB-A-469080888-2e87d07a",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/8248d2b1f479aebc66ed7d96ba1f19a4144bc537"
        },
        {
            "target": {
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224893215141431116621884640799021406516",
                    "77172996256398155100791030744919970882",
                    "214789650471790579933820413370861251736",
                    "117680631746406727787973338370133520341",
                    "74351312361888148482404842278859843198",
                    "285264562717604403289542446999383994678",
                    "13916654935757632675048914678619121002",
                    "185883513677906872003985050370687979258"
                ]
            },
            "id": "ASB-A-469080888-69b68eff",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/8248d2b1f479aebc66ed7d96ba1f19a4144bc537"
        }
    ],
    "spl": "2026-05-01",
    "severity": "Critical",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/adb/+/8248d2b1f479aebc66ed7d96ba1f19a4144bc537"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-469080888.json"

platform/packages/modules/adb

Package

Name: platform/packages/modules/adb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15:0

Fixed

15:2026-05-01

Affected versions

Other

Ecosystem specific

{
    "types": [
        "RCE"
    ],
    "vanir_signatures": [
        {
            "target": {
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224893215141431116621884640799021406516",
                    "88540872520118927895502783251328010206",
                    "231652011000281601216617313030116753017",
                    "159311208688490002939171878391514179136",
                    "310809038979613984236497948207650751269",
                    "170345696339408764192165669549353401672",
                    "31031634468312048018261451951634278460",
                    "176810422543101356939799662400475236407"
                ]
            },
            "id": "ASB-A-469080888-4e3278d2",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/078ca3f710538c29d61a90ba407b40e0557a9060"
        },
        {
            "target": {
                "function": "adbd_tls_verify_cert",
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "70399475931218217740260169085352628042",
                "length": 1396.0
            },
            "id": "ASB-A-469080888-9ce26f98",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/078ca3f710538c29d61a90ba407b40e0557a9060"
        }
    ],
    "spl": "2026-05-01",
    "severity": "Critical",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/adb/+/078ca3f710538c29d61a90ba407b40e0557a9060"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-469080888.json"

platform/packages/modules/adb

Package

Name: platform/packages/modules/adb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16:0

Fixed

16:2026-05-01

Affected versions

Other

Ecosystem specific

{
    "types": [
        "RCE"
    ],
    "vanir_signatures": [
        {
            "target": {
                "function": "adbd_tls_verify_cert",
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "203504448004128309444519572875803334604",
                "length": 1396.0
            },
            "id": "ASB-A-469080888-358a7bdf",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/5c70d050400f748f55f3fce536fb37f37ade9a9f"
        },
        {
            "target": {
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224893215141431116621884640799021406516",
                    "77172996256398155100791030744919970882",
                    "214789650471790579933820413370861251736",
                    "117680631746406727787973338370133520341",
                    "74351312361888148482404842278859843198",
                    "285264562717604403289542446999383994678",
                    "13916654935757632675048914678619121002",
                    "185883513677906872003985050370687979258"
                ]
            },
            "id": "ASB-A-469080888-60193383",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/5c70d050400f748f55f3fce536fb37f37ade9a9f"
        }
    ],
    "spl": "2026-05-01",
    "severity": "Critical",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/adb/+/5c70d050400f748f55f3fce536fb37f37ade9a9f"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-469080888.json"

platform/packages/modules/adb

Package

Name: platform/packages/modules/adb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16-qpr2:0

Fixed

16-qpr2:2026-05-01

Affected versions

Other

16-qpr2

Ecosystem specific

{
    "types": [
        "RCE"
    ],
    "vanir_signatures": [
        {
            "target": {
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224893215141431116621884640799021406516",
                    "77172996256398155100791030744919970882",
                    "214789650471790579933820413370861251736",
                    "117680631746406727787973338370133520341",
                    "74351312361888148482404842278859843198",
                    "285264562717604403289542446999383994678",
                    "13916654935757632675048914678619121002",
                    "185883513677906872003985050370687979258"
                ]
            },
            "id": "ASB-A-469080888-1c6e5817",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/d722ffcd5204474e298aac75acae97d913513953"
        },
        {
            "target": {
                "function": "adbd_tls_verify_cert",
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "203504448004128309444519572875803334604",
                "length": 1396.0
            },
            "id": "ASB-A-469080888-c954efac",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/d722ffcd5204474e298aac75acae97d913513953"
        }
    ],
    "spl": "2026-05-01",
    "severity": "Critical",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/adb/+/d722ffcd5204474e298aac75acae97d913513953"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-469080888.json"

platform/packages/modules/adb

Package

Name: platform/packages/modules/adb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14:0

Fixed

14:2026-05-01

Affected versions

Other

Ecosystem specific

{
    "types": [
        "RCE"
    ],
    "vanir_signatures": [
        {
            "target": {
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224893215141431116621884640799021406516",
                    "88540872520118927895502783251328010206",
                    "231652011000281601216617313030116753017",
                    "159311208688490002939171878391514179136",
                    "310809038979613984236497948207650751269",
                    "170345696339408764192165669549353401672",
                    "31031634468312048018261451951634278460",
                    "176810422543101356939799662400475236407"
                ]
            },
            "id": "ASB-A-469080888-71354085",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/9ea785da0820d2b6422179c85435adf54425fa4e"
        },
        {
            "target": {
                "function": "adbd_tls_verify_cert",
                "file": "daemon/auth.cpp"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "70399475931218217740260169085352628042",
                "length": 1396.0
            },
            "id": "ASB-A-469080888-b8048629",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/modules/adb/+/9ea785da0820d2b6422179c85435adf54425fa4e"
        }
    ],
    "spl": "2026-05-01",
    "severity": "Critical",
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/adb/+/9ea785da0820d2b6422179c85435adf54425fa4e"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-469080888.json"