ASB-A-373467684
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-373467684.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-373467684
- Aliases
-
- A-373467684
- CVE-2025-32312
- Published
- 2025-06-01T00:00:00Z
- Modified
- 2025-08-07T04:57:15.669763Z
- Summary
- [none]
- Details
-
In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"vanir_signatures": [
{
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8",
"target": {
"file": "core/java/android/content/pm/PackageParser.java",
"function": "createIntentsList"
},
"id": "ASB-A-373467684-0f294854",
"signature_version": "v1",
"digest": {
"function_hash": "25686159493623211619787215512398345538",
"length": 585.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8",
"target": {
"file": "core/java/android/content/pm/PackageParser.java"
},
"id": "ASB-A-373467684-24383d32",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109803237766122648025674423814563045897",
"230092335716608527425692838741407045547",
"233404416498654765875498009191951814135",
"93002042245188852370503082178180262737"
]
},
"deprecated": false
}
],
"spl": "2025-06-01",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8"
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"vanir_signatures": [
{
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456",
"target": {
"file": "core/java/android/content/pm/PackageParser.java",
"function": "createIntentsList"
},
"id": "ASB-A-373467684-5b32fdd8",
"signature_version": "v1",
"digest": {
"function_hash": "25686159493623211619787215512398345538",
"length": 585.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456",
"target": {
"file": "core/java/android/content/pm/PackageParser.java"
},
"id": "ASB-A-373467684-d87b3246",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109803237766122648025674423814563045897",
"230092335716608527425692838741407045547",
"233404416498654765875498009191951814135",
"93002042245188852370503082178180262737"
]
},
"deprecated": false
}
],
"spl": "2025-06-01",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456"
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"vanir_signatures": [
{
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a",
"target": {
"file": "core/java/android/content/pm/PackageParser.java"
},
"id": "ASB-A-373467684-26754784",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109803237766122648025674423814563045897",
"230092335716608527425692838741407045547",
"233404416498654765875498009191951814135",
"93002042245188852370503082178180262737"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a",
"target": {
"file": "core/java/android/content/pm/PackageParser.java",
"function": "createIntentsList"
},
"id": "ASB-A-373467684-f4b0b2df",
"signature_version": "v1",
"digest": {
"function_hash": "25686159493623211619787215512398345538",
"length": 585.0
},
"deprecated": false
}
],
"spl": "2025-06-01",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a"
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"vanir_signatures": [
{
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87",
"target": {
"file": "core/java/android/content/pm/PackageParser.java",
"function": "createIntentsList"
},
"id": "ASB-A-373467684-3712c895",
"signature_version": "v1",
"digest": {
"function_hash": "25686159493623211619787215512398345538",
"length": 585.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87",
"target": {
"file": "core/java/android/content/pm/PackageParser.java"
},
"id": "ASB-A-373467684-dd64bd42",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109803237766122648025674423814563045897",
"230092335716608527425692838741407045547",
"233404416498654765875498009191951814135",
"93002042245188852370503082178180262737"
]
},
"deprecated": false
}
],
"spl": "2025-06-01",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87"
],
"types": [
"EoP"
]
}