ASB-A-339532378
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-339532378.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-339532378
- Aliases
-
- A-339532378
- CVE-2025-22422
- Published
- 2025-04-01T00:00:00Z
- Modified
- 2025-04-07T20:27:14.301859Z
- Summary
- [none]
- Details
-
In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 80.0,
"function_hash": "6427437045314555225829918202276146073"
},
"id": "ASB-A-339532378-0392a1cf",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/hardware/biometrics/PromptInfo.java",
"function": "getComponentNameForConfirmDeviceCredentialActivity"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1354.0,
"function_hash": "19078332798046447110024432940186933275"
},
"id": "ASB-A-339532378-20a0c729",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/hardware/biometrics/PromptInfo.java",
"function": "PromptInfo"
},
"signature_type": "Function"
},
{
"digest": {
"length": 553.0,
"function_hash": "13904012027498894187306748820950093878"
},
"id": "ASB-A-339532378-3e8d2b3b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/hardware/biometrics/PromptInfo.java",
"function": "requiresTestOrInternalPermission"
},
"signature_type": "Function"
},
{
"digest": {
"length": 130.0,
"function_hash": "21877760011467056614181048846313007366"
},
"id": "ASB-A-339532378-454cb32d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthController.java",
"function": "onTaskStackChanged"
},
"signature_type": "Function"
},
{
"digest": {
"length": 432.0,
"function_hash": "86044742168334812259802620092759685839"
},
"id": "ASB-A-339532378-4df94d05",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthController.java",
"function": "isOwnerInForeground"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"16662786884986172260223512343573528503",
"274772761522730508170974348833543986299",
"299250539738131039706114761420279183020",
"338790881762184786049398786361906386377"
]
},
"id": "ASB-A-339532378-4f61521e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthContainerView.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"147524687863591423861922620005194013747",
"129717098065904380555197117562367574281",
"70004750835757778301920980091817553255",
"152846493034047750365629007933945317181",
"255938540774519373564298548378804189397",
"338253862639500299196452552651344100348",
"176012018323537988302039330811879880558",
"1242596820432673028967143689283327608",
"201343619321101841766687522221679730466"
]
},
"id": "ASB-A-339532378-55b2bf8b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/hardware/biometrics/BiometricPrompt.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1184.0,
"function_hash": "288084473829641679178032811301672155523"
},
"id": "ASB-A-339532378-6d7d0366",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/hardware/biometrics/PromptInfo.java",
"function": "writeToParcel"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1139.0,
"function_hash": "245954559699050951182250890957648136317"
},
"id": "ASB-A-339532378-8202d280",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthController.java",
"function": "showDialog"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"316311015427826778719982258594003142330",
"133864529660473628889742949013090395892",
"37699664208387374915680514025861861855",
"151655086691316995508620417133598215816",
"156694698987190921518319855981704290494",
"245914788490924213560283229459746195602",
"104498270064595982798320666225101665827",
"220887503484546862631496172120613316524",
"290192701949436906578758583449481851247",
"212319758465115133031471361209683593170",
"214675721499318226784492026720204328414",
"125128485432806176609092071262063184050",
"58137926508154035730692163050047828546",
"332961553840748061123660452161036351163",
"77494783855601800331377093751813872644",
"217424702709995653088635649838471939599",
"133217066758006622360518135838689564972",
"334382811407362780498116825916871408711",
"194377974981534961941992076506883065261",
"86503847032900825209425584387209433826",
"111488451954294407563748023901873414531",
"335391923332883398951730313256478179123",
"201813785989310512801353197422550506197",
"63023319149774050960125992398873200987",
"11805384366078932325418201622514784026",
"115842048727584634593751743252466340513",
"251053517511890515296468331944283045870",
"287023520256470428597995457945978503246",
"101590940874997532139658864975872838953",
"13830212213712721019581501139321924457"
]
},
"id": "ASB-A-339532378-ad1611ad",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthController.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"222924909509013212835050932226557986100",
"208916627078376937546345104880424168025",
"299577835027255713402126757933543294251",
"157312373158062774163059650961836007359",
"329593554991212412795905335115393731773",
"332725066694203328530166883229714958562",
"258435618432651398915549922202168835096",
"248918820765574023428562923487448198497",
"305340877544667162244334040258735940391",
"22617651305319426365638487206419784796",
"251076949345097345251058025876362688459",
"102540731048216888119899351810585018630",
"211993579811139969872449087056258217980",
"277089988998836419090633768205873876675",
"149025025776701368583706014326526650950",
"232275030296092908372760384016006184914",
"158623659816499154777817322460609029624",
"69658368272428251356443407712894207842",
"221189465342037177644194872937957266308",
"178650326624068723093558305872807750458",
"122533371312212313367933086901346573498",
"14025642072627712653215384816076613042",
"218394827291614770195376707958786151202",
"76562639222370279930309799955447161393",
"241802247516934137462663028990520826016",
"336211199805398680138517052783006547502",
"218813463849730091179659024979976993858",
"106969368589754888030543267806415690882",
"240338846547172055453850010821441037852",
"194575927154464620674526175965203625390",
"249684969087808776376571297518807822135"
]
},
"id": "ASB-A-339532378-e3810a31",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/hardware/biometrics/PromptInfo.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"290535239967467526603137661615007752113",
"109450674435909472747484583062378561976",
"241616152355243219581591729139710726333"
]
},
"id": "ASB-A-339532378-ea0d6bc7",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/biometrics/AuthDialog.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 93.0,
"function_hash": "195411247792697651424532565076924804056"
},
"id": "ASB-A-339532378-f2462759",
"source": "https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/hardware/biometrics/PromptInfo.java",
"function": "setComponentNameForConfirmDeviceCredentialActivity"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/58d536c5733173c09f8d6e531d6230f838f64d1a"
],
"spl": "2025-04-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 501.0,
"function_hash": "34280703308763505191806470357934144046"
},
"id": "ASB-A-339532378-53d4d11b",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/3d357eedb80fd93d6ae2e1c41a20c40fe0c1670b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/password/ConfirmDeviceCredentialActivity.java",
"function": "showBiometricPrompt"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"47896703651626902280454828186725763590",
"76951462188717936231112119743495001960",
"146980190423460343504454688995850973586",
"217120689376946272442527366733014902094",
"108300493962106550220579955627621656876",
"264389530625051813191338583849141879594",
"285552957212872370043373959155655975041",
"223871996873881961004049797476705851749",
"236705234711453985753506979548508008547"
]
},
"id": "ASB-A-339532378-5aff84f0",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/3d357eedb80fd93d6ae2e1c41a20c40fe0c1670b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/password/ConfirmDeviceCredentialActivity.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1360.0,
"function_hash": "233030647194746958109691740783133398235"
},
"id": "ASB-A-339532378-6058ed7d",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/3d357eedb80fd93d6ae2e1c41a20c40fe0c1670b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/password/BiometricFragment.java",
"function": "onCreate"
},
"signature_type": "Function"
},
{
"digest": {
"length": 5593.0,
"function_hash": "93189397042202878851090165398963299855"
},
"id": "ASB-A-339532378-82635e73",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/3d357eedb80fd93d6ae2e1c41a20c40fe0c1670b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/password/ConfirmDeviceCredentialActivity.java",
"function": "onCreate"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"56988542565923540515914897084734512774",
"164846179071923827401094453685094762917",
"179955053679579069299974725795334734634",
"322260419061621698436959810053598226416",
"163553327305414945030288886807184878100",
"184883397740477747956350854255074783553",
"124077981393171571566514473705272383164",
"210415068751340283068454131226223629073",
"204749693022796054471025409707093368752",
"81541343748215523742704135083720244609",
"139514941006614628967395269506426915023",
"187200411898395697500297824831097028510",
"317323666951130949930280543479820766357",
"134525654446312110976835024735458442145",
"176478373937549012871006515070275527118",
"210433110614817564307635795460850770534",
"112055256766023614693534153747943585845",
"100957411046816443800063922629167705562",
"264576205214898118841964229134055671388",
"332413159547934220780295584287591007174",
"28925555746665208944602864136059594445",
"94437728117359607748560507575907497998",
"93632341938445720643359694560875080849",
"250600632479834967574243475818626213839",
"145061204329957628425044469503897754178"
]
},
"id": "ASB-A-339532378-df4784d9",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/3d357eedb80fd93d6ae2e1c41a20c40fe0c1670b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/password/BiometricFragment.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 243.0,
"function_hash": "286972445545211193216944745402914106210"
},
"id": "ASB-A-339532378-f213d2d9",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/3d357eedb80fd93d6ae2e1c41a20c40fe0c1670b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/password/BiometricFragment.java",
"function": "newInstance"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/3d357eedb80fd93d6ae2e1c41a20c40fe0c1670b"
],
"spl": "2025-04-01",
"severity": "High",
"types": [
"EoP"
]
}