ASB-A-485397908
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-485397908.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-485397908
- Aliases
-
- A-485397908
- CVE-2026-0089
- Published
- 2026-06-01T00:00:00Z
- Modified
- 2026-06-09T15:27:06.151355248Z
- Summary
- [none]
- Details
-
In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"spl": "2026-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1459299f9d3e5da1254a4653be4ac3defec20759",
"https://android.googlesource.com/platform/frameworks/base/+/c15dea2dc3bb0ebeefeb59eb74290ac9fa918bf8"
],
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"330166218789680291236463804339907792904",
"89836805987840057911045124514217951239",
"307924992950146122806218937544796092419",
"323795612996813352514202176353903647105"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-485397908-473c76e7",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1459299f9d3e5da1254a4653be4ac3defec20759",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"length": 272.0,
"function_hash": "225464131761428605308717304487472702782"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "addDeveloperVerificationExperiment",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1459299f9d3e5da1254a4653be4ac3defec20759",
"id": "ASB-A-485397908-6569ba0a"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"85902044632290977825896609861099242912",
"169307118130944273199238675129969400062",
"43590843909172523829684393952833802196",
"38588230041011655999293184938380237262"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-485397908-a1dc9608",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c15dea2dc3bb0ebeefeb59eb74290ac9fa918bf8",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"length": 86.0,
"function_hash": "151439334323012505378427988522184196369"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "clearDeveloperVerificationExperiment",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"signature_version": "v1",
"id": "ASB-A-485397908-b70a672d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c15dea2dc3bb0ebeefeb59eb74290ac9fa918bf8"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"spl": "2026-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3671a41bb57ffd2e8c0c267cdc0469bec05062b8",
"https://android.googlesource.com/platform/frameworks/base/+/1f7c25b7e1f12a579b2815819257f9d86bf2e95d"
],
"vanir_signatures": [
{
"digest": {
"length": 86.0,
"function_hash": "151439334323012505378427988522184196369"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-485397908-3eae459b",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1f7c25b7e1f12a579b2815819257f9d86bf2e95d",
"target": {
"function": "clearDeveloperVerificationExperiment",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"330166218789680291236463804339907792904",
"89836805987840057911045124514217951239",
"307924992950146122806218937544796092419",
"323795612996813352514202176353903647105"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/3671a41bb57ffd2e8c0c267cdc0469bec05062b8",
"id": "ASB-A-485397908-65c05e23",
"signature_version": "v1"
},
{
"digest": {
"length": 272.0,
"function_hash": "225464131761428605308717304487472702782"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-485397908-6b69d40c",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3671a41bb57ffd2e8c0c267cdc0469bec05062b8",
"target": {
"function": "addDeveloperVerificationExperiment",
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"85902044632290977825896609861099242912",
"169307118130944273199238675129969400062",
"43590843909172523829684393952833802196",
"38588230041011655999293184938380237262"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-485397908-e92aafee",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1f7c25b7e1f12a579b2815819257f9d86bf2e95d",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
}
}
]
}