ASB-A-303227969
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-303227969.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-303227969
- Aliases
-
- A-303227969
- CVE-2025-26463
- Published
- 2025-06-01T00:00:00Z
- Modified
- 2025-08-07T04:57:14.091886Z
- Summary
- [none]
- Details
-
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"spl": "2025-06-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"id": "ASB-A-303227969-4c9da041",
"deprecated": false,
"digest": {
"line_hashes": [
"101138393458861100048541495691845930810",
"126491840937780628697410403373514744131",
"258008528360797433471288325304487224116",
"28783475577963723089655229407501253500",
"11803760918395638239289081343448805437",
"272350059164555836817037866321220327227"
],
"threshold": 0.9
},
"target": {
"file": "apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/aaa1cb20b89f3389f9fbc362a397770c8052e7fb",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-82315d13",
"deprecated": false,
"digest": {
"line_hashes": [
"37402569406643562322314055412458750040",
"3005921560461445780243703699796863845",
"87636568802040399672645385484965157980",
"73490189280143943928878129018643309051",
"23360089263224615556521682113737045181",
"42998921169238507580766210385903023673",
"257869726945214116607809097943509203135",
"313877664070915578054626057193338148194",
"74788398263807374059790075925970845467",
"169316865874818736176730999644787443203",
"172099645355247615168091416713322542175",
"8316593249702131755371373281488748518",
"274311528236342019563972291867543170720",
"157282420949475499776412570768254423344"
],
"threshold": 0.9
},
"target": {
"file": "apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/aaa1cb20b89f3389f9fbc362a397770c8052e7fb",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-969d3a95",
"deprecated": false,
"digest": {
"length": 315.0,
"function_hash": "281638815089719090853918643520913630402"
},
"target": {
"file": "apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java",
"function": "allowPackageAccess"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/aaa1cb20b89f3389f9fbc362a397770c8052e7fb",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-e5210dfe",
"deprecated": false,
"digest": {
"length": 540.0,
"function_hash": "241942173066533732740582469164623051520"
},
"target": {
"file": "apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java",
"function": "allowPackageAccess"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/aaa1cb20b89f3389f9fbc362a397770c8052e7fb",
"signature_type": "Function",
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/aaa1cb20b89f3389f9fbc362a397770c8052e7fb"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"spl": "2025-06-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"id": "ASB-A-303227969-10e74499",
"deprecated": false,
"digest": {
"line_hashes": [
"101138393458861100048541495691845930810",
"126491840937780628697410403373514744131",
"258008528360797433471288325304487224116",
"28783475577963723089655229407501253500",
"11803760918395638239289081343448805437",
"272350059164555836817037866321220327227"
],
"threshold": 0.9
},
"target": {
"file": "apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/509d619b2f9a52c5f3a88dbaa85b9bc7f66deaea",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-11fbf514",
"deprecated": false,
"digest": {
"length": 540.0,
"function_hash": "241942173066533732740582469164623051520"
},
"target": {
"file": "apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java",
"function": "allowPackageAccess"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/509d619b2f9a52c5f3a88dbaa85b9bc7f66deaea",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-1a7144b9",
"deprecated": false,
"digest": {
"length": 315.0,
"function_hash": "281638815089719090853918643520913630402"
},
"target": {
"file": "apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java",
"function": "allowPackageAccess"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/509d619b2f9a52c5f3a88dbaa85b9bc7f66deaea",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-f4641c03",
"deprecated": false,
"digest": {
"line_hashes": [
"37402569406643562322314055412458750040",
"3005921560461445780243703699796863845",
"87636568802040399672645385484965157980",
"73490189280143943928878129018643309051",
"23360089263224615556521682113737045181",
"42998921169238507580766210385903023673",
"257869726945214116607809097943509203135",
"313877664070915578054626057193338148194",
"74788398263807374059790075925970845467",
"169316865874818736176730999644787443203",
"172099645355247615168091416713322542175",
"8316593249702131755371373281488748518",
"274311528236342019563972291867543170720",
"157282420949475499776412570768254423344"
],
"threshold": 0.9
},
"target": {
"file": "apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/509d619b2f9a52c5f3a88dbaa85b9bc7f66deaea",
"signature_type": "Line",
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/509d619b2f9a52c5f3a88dbaa85b9bc7f66deaea"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"spl": "2025-06-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"id": "ASB-A-303227969-7b347f9f",
"deprecated": false,
"digest": {
"length": 315.0,
"function_hash": "281638815089719090853918643520913630402"
},
"target": {
"file": "apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java",
"function": "allowPackageAccess"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-92cdf74e",
"deprecated": false,
"digest": {
"line_hashes": [
"101138393458861100048541495691845930810",
"126491840937780628697410403373514744131",
"258008528360797433471288325304487224116",
"28783475577963723089655229407501253500",
"11803760918395638239289081343448805437",
"272350059164555836817037866321220327227"
],
"threshold": 0.9
},
"target": {
"file": "apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-932a1d81",
"deprecated": false,
"digest": {
"line_hashes": [
"37402569406643562322314055412458750040",
"3005921560461445780243703699796863845",
"87636568802040399672645385484965157980",
"73490189280143943928878129018643309051",
"23360089263224615556521682113737045181",
"42998921169238507580766210385903023673",
"257869726945214116607809097943509203135",
"313877664070915578054626057193338148194",
"74788398263807374059790075925970845467",
"169316865874818736176730999644787443203",
"172099645355247615168091416713322542175",
"8316593249702131755371373281488748518",
"274311528236342019563972291867543170720",
"157282420949475499776412570768254423344"
],
"threshold": 0.9
},
"target": {
"file": "apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-dc977f4e",
"deprecated": false,
"digest": {
"length": 540.0,
"function_hash": "241942173066533732740582469164623051520"
},
"target": {
"file": "apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java",
"function": "allowPackageAccess"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975",
"signature_type": "Function",
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"spl": "2025-06-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"id": "ASB-A-303227969-4abd83a6",
"deprecated": false,
"digest": {
"length": 315.0,
"function_hash": "281638815089719090853918643520913630402"
},
"target": {
"file": "apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java",
"function": "allowPackageAccess"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-51f738e8",
"deprecated": false,
"digest": {
"line_hashes": [
"101138393458861100048541495691845930810",
"126491840937780628697410403373514744131",
"258008528360797433471288325304487224116",
"28783475577963723089655229407501253500",
"11803760918395638239289081343448805437",
"272350059164555836817037866321220327227"
],
"threshold": 0.9
},
"target": {
"file": "apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-77d5d2f6",
"deprecated": false,
"digest": {
"line_hashes": [
"37402569406643562322314055412458750040",
"3005921560461445780243703699796863845",
"87636568802040399672645385484965157980",
"73490189280143943928878129018643309051",
"23360089263224615556521682113737045181",
"42998921169238507580766210385903023673",
"257869726945214116607809097943509203135",
"313877664070915578054626057193338148194",
"74788398263807374059790075925970845467",
"169316865874818736176730999644787443203",
"172099645355247615168091416713322542175",
"8316593249702131755371373281488748518",
"274311528236342019563972291867543170720",
"157282420949475499776412570768254423344"
],
"threshold": 0.9
},
"target": {
"file": "apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-303227969-ebb90bf3",
"deprecated": false,
"digest": {
"length": 540.0,
"function_hash": "241942173066533732740582469164623051520"
},
"target": {
"file": "apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java",
"function": "allowPackageAccess"
},
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975",
"signature_type": "Function",
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/fe01a389c8c74ea408935f9bc2b16edea5d55975"
]
}