In createIntentsList of PackageParser.java, unsafe deserialization makes it possible to bypass lazy bundle hardening, allowing modified data to be passed to the next process. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "spl": "2025-06-01", "types": [ "EoP" ], "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8", "signature_version": "v1", "target": { "function": "createIntentsList", "file": "core/java/android/content/pm/PackageParser.java" }, "digest": { "length": 585.0, "function_hash": "25686159493623211619787215512398345538" }, "id": "ASB-A-373467684-0f294854" }, { "deprecated": false, "signature_type": "Line", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8", "signature_version": "v1", "target": { "file": "core/java/android/content/pm/PackageParser.java" }, "digest": { "line_hashes": [ "109803237766122648025674423814563045897", "230092335716608527425692838741407045547", "233404416498654765875498009191951814135", "93002042245188852370503082178180262737" ], "threshold": 0.9 }, "id": "ASB-A-373467684-24383d32" } ], "severity": "High", "fixes": [ "https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8" ] }
{ "spl": "2025-06-01", "types": [ "EoP" ], "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456", "signature_version": "v1", "target": { "function": "createIntentsList", "file": "core/java/android/content/pm/PackageParser.java" }, "digest": { "length": 585.0, "function_hash": "25686159493623211619787215512398345538" }, "id": "ASB-A-373467684-5b32fdd8" }, { "deprecated": false, "signature_type": "Line", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456", "signature_version": "v1", "target": { "file": "core/java/android/content/pm/PackageParser.java" }, "digest": { "line_hashes": [ "109803237766122648025674423814563045897", "230092335716608527425692838741407045547", "233404416498654765875498009191951814135", "93002042245188852370503082178180262737" ], "threshold": 0.9 }, "id": "ASB-A-373467684-d87b3246" } ], "severity": "High", "fixes": [ "https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456" ] }
{ "spl": "2025-06-01", "types": [ "EoP" ], "vanir_signatures": [ { "deprecated": false, "signature_type": "Line", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a", "signature_version": "v1", "target": { "file": "core/java/android/content/pm/PackageParser.java" }, "digest": { "line_hashes": [ "109803237766122648025674423814563045897", "230092335716608527425692838741407045547", "233404416498654765875498009191951814135", "93002042245188852370503082178180262737" ], "threshold": 0.9 }, "id": "ASB-A-373467684-26754784" }, { "deprecated": false, "signature_type": "Function", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a", "signature_version": "v1", "target": { "function": "createIntentsList", "file": "core/java/android/content/pm/PackageParser.java" }, "digest": { "length": 585.0, "function_hash": "25686159493623211619787215512398345538" }, "id": "ASB-A-373467684-f4b0b2df" } ], "severity": "High", "fixes": [ "https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a" ] }
{ "spl": "2025-06-01", "types": [ "EoP" ], "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87", "signature_version": "v1", "target": { "function": "createIntentsList", "file": "core/java/android/content/pm/PackageParser.java" }, "digest": { "length": 585.0, "function_hash": "25686159493623211619787215512398345538" }, "id": "ASB-A-373467684-3712c895" }, { "deprecated": false, "signature_type": "Line", "source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87", "signature_version": "v1", "target": { "file": "core/java/android/content/pm/PackageParser.java" }, "digest": { "line_hashes": [ "109803237766122648025674423814563045897", "230092335716608527425692838741407045547", "233404416498654765875498009191951814135", "93002042245188852370503082178180262737" ], "threshold": 0.9 }, "id": "ASB-A-373467684-dd64bd42" } ], "severity": "High", "fixes": [ "https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87" ] }