ASB-A-352294617
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-352294617.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-352294617
- Aliases
-
- A-352294617
- CVE-2025-22439
- Published
- 2025-04-01T00:00:00Z
- Modified
- 2025-08-06T16:29:06.385449Z
- Summary
- [none]
- Details
-
In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android
platform/packages/apps/DocumentsUI
Package
- Name
- platform/packages/apps/DocumentsUI
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/30596588b508f1e5e97631470af479214898064a"
],
"severity": "High",
"vanir_signatures": [
{
"match_only_versions": [
"15-next"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java",
"function": "onLastAccessedStackLoaded"
},
"digest": {
"function_hash": "235827959310678841809653468090094582977",
"length": 185.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-2f82ceaa",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/30596588b508f1e5e97631470af479214898064a"
},
{
"match_only_versions": [
"15-next"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java"
},
"digest": {
"line_hashes": [
"171691179244059375517981645953710485989",
"332186133573208365621504268799051430987",
"310613000802053196315960556837920922918",
"193450857615420576058231835415158831496"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-352294617-7b550bbc",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/30596588b508f1e5e97631470af479214898064a"
}
],
"spl": "2025-04-01"
}platform/packages/apps/DocumentsUI
Package
- Name
- platform/packages/apps/DocumentsUI
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f051c7b87a5150edb2b851eba15793ef9f0ae54"
],
"severity": "High",
"vanir_signatures": [
{
"match_only_versions": [
"15"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java",
"function": "onLastAccessedStackLoaded"
},
"digest": {
"function_hash": "235827959310678841809653468090094582977",
"length": 185.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-58d73c54",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f051c7b87a5150edb2b851eba15793ef9f0ae54"
},
{
"match_only_versions": [
"15"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java"
},
"digest": {
"line_hashes": [
"171691179244059375517981645953710485989",
"332186133573208365621504268799051430987",
"310613000802053196315960556837920922918",
"193450857615420576058231835415158831496"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-352294617-ebcc2007",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f051c7b87a5150edb2b851eba15793ef9f0ae54"
}
],
"spl": "2025-04-01"
}platform/packages/apps/DocumentsUI
Package
- Name
- platform/packages/apps/DocumentsUI
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/d560a29f2713717cf33960a1c0e115fdea448d70",
"https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/3c94e70a1d0176dc86dd051630017676c09499fb"
],
"severity": "High",
"vanir_signatures": [
{
"match_only_versions": [
"13"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java"
},
"digest": {
"line_hashes": [
"171691179244059375517981645953710485989",
"332186133573208365621504268799051430987",
"310613000802053196315960556837920922918",
"193450857615420576058231835415158831496"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-352294617-1701e761",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/3c94e70a1d0176dc86dd051630017676c09499fb"
},
{
"match_only_versions": [
"13"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/AbstractActionHandler.java",
"function": "onStackLoaded"
},
"digest": {
"function_hash": "98852058868668271256027859289938661797",
"length": 460.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-42782f08",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/d560a29f2713717cf33960a1c0e115fdea448d70"
},
{
"match_only_versions": [
"13"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/AbstractActionHandler.java"
},
"digest": {
"line_hashes": [
"142457914429796101033230524321505558904",
"248662188938343179070489136000061546043",
"143323109996567680244682681011563908684",
"247295188300998764093900141729967298212",
"104879663017426570362552704577565145937",
"119258988697698457769296765622298402469",
"302321250139757878596505872066802038214",
"187322431086842015022180395562501208729",
"80482851631271324920543179721462626252",
"112475172726595644325632678925772892213",
"136715117784820985866696486584275442643",
"291479366121236809655941654140472266217",
"174044944620369887574656802823716607676",
"249811743337444040683926673972569540794",
"118539851036463652554750137797079945059",
"105214912594590019476067528026919861182",
"207669879924193023865214943373117429726",
"89047888937551549151480516707229268080",
"156190338872341527505440813061971894324",
"79405209747248806981826806502868489544",
"124028408535364503060910981145564912117",
"72592288561752765554996363729356439462"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-352294617-63f1ced3",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/d560a29f2713717cf33960a1c0e115fdea448d70"
},
{
"match_only_versions": [
"13"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/AbstractActionHandler.java",
"function": "launchToDocument"
},
"digest": {
"function_hash": "220779301589136654623767168578623837325",
"length": 176.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-8eae6752",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/d560a29f2713717cf33960a1c0e115fdea448d70"
},
{
"match_only_versions": [
"13"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java",
"function": "launchToInitialUri"
},
"digest": {
"function_hash": "290490423837355950130854104193132497137",
"length": 353.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-945e32c4",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/d560a29f2713717cf33960a1c0e115fdea448d70"
},
{
"match_only_versions": [
"13"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java"
},
"digest": {
"line_hashes": [
"146900902099775877305517027233147741432",
"318859290528433102269313983964992988929",
"164403444356783458457888506127310018620",
"248162350841269851631415765465253673629",
"4038315108275023168551028870134584369",
"260414349186362907024160695180320848633",
"64194186902393970006025165618936829362",
"232722214822858564029005135355553617115",
"13998026526914258371666190366174602384",
"77619659253829934914303475339377526596",
"154627815746938434017328336363701337318",
"146429336589290927174502330731060454252",
"217668260551298052903486268800959845110",
"99622303965366864877430498295302008988",
"165297286615352249113065439590548660978",
"229571165116122210021199344344022147961",
"279441047723650910387454314573207411691",
"330829134672129145565043108146903799440",
"65966069433118938063268605190864492859",
"72195967867937367734287269385493219003",
"8196736645508807040791123009737937795",
"24039427026154519973358813586802790603",
"102648835343760577367176470127784770523",
"75812505849233335634579308502480208393",
"236772639686892191712126579852569691349",
"273941410906550559538753849806115276755",
"123561129789477226794573716557040406064",
"41018488134637733606663112915706856867",
"29487229246158873607733418611910361998",
"259964291305379672127533294576816259413",
"193945555105656936453847297800470789796",
"93855144005316360594160421217747824699",
"19367891774165043615548572469023889720"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-352294617-956c1542",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/d560a29f2713717cf33960a1c0e115fdea448d70"
},
{
"match_only_versions": [
"13"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java",
"function": "onLastAccessedStackLoaded"
},
"digest": {
"function_hash": "235827959310678841809653468090094582977",
"length": 185.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-df1f2b05",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/3c94e70a1d0176dc86dd051630017676c09499fb"
}
],
"spl": "2025-04-01"
}platform/packages/apps/DocumentsUI
Package
- Name
- platform/packages/apps/DocumentsUI
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/ae840b1f17869f5592cb1957d2e0e2d0af1be96b",
"https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/b446bcc230b16a3171b70165521144e06b98bdfe"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"function_hash": "250495507411243623722516825665214863996",
"length": 529.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java",
"function": "launchToInitialUri"
},
"id": "ASB-A-352294617-58463ecf",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/ae840b1f17869f5592cb1957d2e0e2d0af1be96b"
},
{
"match_only_versions": [
"14"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java"
},
"digest": {
"line_hashes": [
"171691179244059375517981645953710485989",
"332186133573208365621504268799051430987",
"310613000802053196315960556837920922918",
"193450857615420576058231835415158831496"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-352294617-90a29172",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/b446bcc230b16a3171b70165521144e06b98bdfe"
},
{
"match_only_versions": [
"14"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/AbstractActionHandler.java",
"function": "launchToDocument"
},
"digest": {
"function_hash": "220779301589136654623767168578623837325",
"length": 176.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-a888f100",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/ae840b1f17869f5592cb1957d2e0e2d0af1be96b"
},
{
"match_only_versions": [
"14"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/AbstractActionHandler.java"
},
"digest": {
"line_hashes": [
"142457914429796101033230524321505558904",
"248662188938343179070489136000061546043",
"143323109996567680244682681011563908684",
"247295188300998764093900141729967298212",
"104879663017426570362552704577565145937",
"119258988697698457769296765622298402469",
"302321250139757878596505872066802038214",
"187322431086842015022180395562501208729",
"80482851631271324920543179721462626252",
"112475172726595644325632678925772892213",
"136715117784820985866696486584275442643",
"291479366121236809655941654140472266217",
"174044944620369887574656802823716607676",
"249811743337444040683926673972569540794",
"118539851036463652554750137797079945059",
"105214912594590019476067528026919861182",
"207669879924193023865214943373117429726",
"89047888937551549151480516707229268080",
"156190338872341527505440813061971894324",
"79405209747248806981826806502868489544",
"124028408535364503060910981145564912117",
"72592288561752765554996363729356439462"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-352294617-b05ac5b9",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/ae840b1f17869f5592cb1957d2e0e2d0af1be96b"
},
{
"digest": {
"line_hashes": [
"146900902099775877305517027233147741432",
"318859290528433102269313983964992988929",
"164403444356783458457888506127310018620",
"248162350841269851631415765465253673629",
"4038315108275023168551028870134584369",
"260414349186362907024160695180320848633",
"64194186902393970006025165618936829362",
"232722214822858564029005135355553617115",
"13998026526914258371666190366174602384",
"77619659253829934914303475339377526596",
"154627815746938434017328336363701337318",
"146429336589290927174502330731060454252",
"13281347547761241650385995038599159983",
"74364489959487418265758427846243886590",
"96708080210210156442250584076912082077",
"296835060419974429098046627969059693372",
"206593648881683517364100103513856869494",
"243930276998056777932804693767775053697",
"180564559714678816190653094586940539430",
"58357081531766740970430900406575838926",
"330829134672129145565043108146903799440",
"65966069433118938063268605190864492859",
"72195967867937367734287269385493219003",
"194494301148383095874985346430733145035",
"205568127916538190386059219222449924806",
"92794476400099199108037969884179808269",
"180454155799963018324806395786263395475",
"162069529140246141224272776264390429302",
"164405110789981555261427684046647342179",
"8196736645508807040791123009737937795",
"24039427026154519973358813586802790603",
"333836467958905219240130955128921153796",
"135896897669063989582422735452371161050",
"66301175579531054457373885561419520686",
"307327993690905581279626036019076050751",
"14793197232913238588327568410771307039",
"224160233742921549023771992174967428454",
"59116582675615292228077568211358532541",
"28032684166115626505630223136014435432",
"273941410906550559538753849806115276755",
"123561129789477226794573716557040406064",
"41018488134637733606663112915706856867",
"29487229246158873607733418611910361998",
"259964291305379672127533294576816259413",
"193945555105656936453847297800470789796",
"93855144005316360594160421217747824699",
"19367891774165043615548572469023889720"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java"
},
"id": "ASB-A-352294617-b4cfa681",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/ae840b1f17869f5592cb1957d2e0e2d0af1be96b"
},
{
"match_only_versions": [
"14"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/picker/ActionHandler.java",
"function": "onLastAccessedStackLoaded"
},
"digest": {
"function_hash": "235827959310678841809653468090094582977",
"length": 185.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-c47970ff",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/b446bcc230b16a3171b70165521144e06b98bdfe"
},
{
"match_only_versions": [
"14"
],
"deprecated": false,
"target": {
"file": "src/com/android/documentsui/AbstractActionHandler.java",
"function": "onStackLoaded"
},
"digest": {
"function_hash": "98852058868668271256027859289938661797",
"length": 460.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-352294617-e05a407a",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/DocumentsUI/+/ae840b1f17869f5592cb1957d2e0e2d0af1be96b"
}
],
"spl": "2025-04-01"
}