ASB-A-376028556
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-376028556.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-376028556
- Aliases
-
- A-376028556
- CVE-2025-22441
- Published
- 2025-08-01T00:00:00Z
- Modified
- 2025-08-07T04:57:15.732180Z
- Summary
- [none]
- Details
-
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/352fb4821076f0209ab2092d53444503dcec8992",
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/37bf5823504f2a256f128123393cd149721b87fc"
],
"vanir_signatures": [
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/352fb4821076f0209ab2092d53444503dcec8992",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
},
"digest": {
"line_hashes": [
"318234594094662068002484417868747089067",
"182386947253532100009025391654763344194",
"87677038499845687213759823017604232290",
"24507967960209582836110983789526298922",
"162279423724481408727853140535117008086",
"152892033948652236101092164971107106443",
"151376004588425644154129250688686084968",
"132574641805704742144565948179957075728",
"310283217575139308559335674527561256947"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-80d9f5d2"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/352fb4821076f0209ab2092d53444503dcec8992",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "getContextForResourcesEnsuringCorrectCachedApkPaths"
},
"digest": {
"length": 567.0,
"function_hash": "110759443643256904480438560228588026615"
},
"id": "ASB-A-376028556-9669786f"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/37bf5823504f2a256f128123393cd149721b87fc",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
},
"digest": {
"line_hashes": [
"84484373518894387911584593931132927087",
"93670588842877633913137203373506632018",
"167507575764890214064131824667935172071",
"330670205545994997749963707185099131062",
"195917442012834482912918296902701406262",
"212942900104374883755297734187311322641",
"14634178386523754295676520909094304743"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-b69708e9"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/352fb4821076f0209ab2092d53444503dcec8992",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/appwidget/AppWidgetHostView.java",
"function": "getRemoteContextEnsuringCorrectCachedApkPath"
},
"digest": {
"length": 608.0,
"function_hash": "287949419893118345749572534792311138713"
},
"id": "ASB-A-376028556-cdeb3bc4"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/37bf5823504f2a256f128123393cd149721b87fc",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "getContextForResourcesEnsuringCorrectCachedApkPaths"
},
"digest": {
"length": 646.0,
"function_hash": "257213081514596335773029329328861159102"
},
"id": "ASB-A-376028556-ce79396a"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/352fb4821076f0209ab2092d53444503dcec8992",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/appwidget/AppWidgetHostView.java"
},
"digest": {
"line_hashes": [
"60572629492590297840456768738415091448",
"144323628469773383207646836358154214589",
"56100440564626564148927788202225199279",
"182457261934353766884995230083905103433",
"162971304618568272302697295564415965188",
"188876170376131029959506706797995509482",
"139233690523893845817630690491165993601",
"265034440336697184124993520094900138660",
"245332457772070601353817074430416317292"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-ef8bb344"
}
],
"spl": "2025-08-01",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/f2251f1222e59b68d083a016bcc07d7c96980aab",
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/1e9f4e8998cc934699405bbe0779b706cfb43905"
],
"vanir_signatures": [
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/f2251f1222e59b68d083a016bcc07d7c96980aab",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/appwidget/AppWidgetHostView.java"
},
"digest": {
"line_hashes": [
"60572629492590297840456768738415091448",
"144323628469773383207646836358154214589",
"56100440564626564148927788202225199279",
"182457261934353766884995230083905103433",
"162971304618568272302697295564415965188",
"188876170376131029959506706797995509482",
"139233690523893845817630690491165993601",
"265034440336697184124993520094900138660",
"245332457772070601353817074430416317292"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-08659c33"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/1e9f4e8998cc934699405bbe0779b706cfb43905",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
},
"digest": {
"line_hashes": [
"84484373518894387911584593931132927087",
"93670588842877633913137203373506632018",
"167507575764890214064131824667935172071",
"330670205545994997749963707185099131062",
"195917442012834482912918296902701406262",
"212942900104374883755297734187311322641",
"14634178386523754295676520909094304743"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-a85306d1"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/1e9f4e8998cc934699405bbe0779b706cfb43905",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "getContextForResourcesEnsuringCorrectCachedApkPaths"
},
"digest": {
"length": 646.0,
"function_hash": "257213081514596335773029329328861159102"
},
"id": "ASB-A-376028556-be830f53"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/f2251f1222e59b68d083a016bcc07d7c96980aab",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "getContextForResourcesEnsuringCorrectCachedApkPaths"
},
"digest": {
"length": 498.0,
"function_hash": "44267461180890547027152803667894507120"
},
"id": "ASB-A-376028556-db015abd"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/f2251f1222e59b68d083a016bcc07d7c96980aab",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
},
"digest": {
"line_hashes": [
"318234594094662068002484417868747089067",
"182386947253532100009025391654763344194",
"87677038499845687213759823017604232290",
"24507967960209582836110983789526298922",
"162279423724481408727853140535117008086",
"75830114779997666176380992247571000424",
"49993412477641560706602780063922255274",
"23180009778622539445744752984951650682",
"313977016376867192122004067118789107723",
"212459228085423789148790693478525358025"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-df3a1fb2"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/f2251f1222e59b68d083a016bcc07d7c96980aab",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/appwidget/AppWidgetHostView.java",
"function": "getRemoteContextEnsuringCorrectCachedApkPath"
},
"digest": {
"length": 608.0,
"function_hash": "287949419893118345749572534792311138713"
},
"id": "ASB-A-376028556-ff9a8e98"
}
],
"spl": "2025-08-01",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/74decaab6437094783853b531a5c6538cce8f58f"
],
"vanir_signatures": [
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/74decaab6437094783853b531a5c6538cce8f58f",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
},
"digest": {
"line_hashes": [
"84484373518894387911584593931132927087",
"93670588842877633913137203373506632018",
"167507575764890214064131824667935172071",
"330670205545994997749963707185099131062",
"195917442012834482912918296902701406262",
"212942900104374883755297734187311322641",
"14634178386523754295676520909094304743"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-0ccdf45e"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/appwidget/AppWidgetHostView.java",
"function": "getRemoteContextEnsuringCorrectCachedApkPath"
},
"digest": {
"length": 608.0,
"function_hash": "287949419893118345749572534792311138713"
},
"id": "ASB-A-376028556-22d0165a"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/appwidget/AppWidgetHostView.java"
},
"digest": {
"line_hashes": [
"60572629492590297840456768738415091448",
"144323628469773383207646836358154214589",
"56100440564626564148927788202225199279",
"182457261934353766884995230083905103433",
"162971304618568272302697295564415965188",
"188876170376131029959506706797995509482",
"139233690523893845817630690491165993601",
"265034440336697184124993520094900138660",
"245332457772070601353817074430416317292"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-286faa9d"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
},
"digest": {
"line_hashes": [
"318234594094662068002484417868747089067",
"182386947253532100009025391654763344194",
"87677038499845687213759823017604232290",
"24507967960209582836110983789526298922",
"162279423724481408727853140535117008086",
"75830114779997666176380992247571000424",
"49993412477641560706602780063922255274",
"23180009778622539445744752984951650682",
"313977016376867192122004067118789107723",
"212459228085423789148790693478525358025"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-4e397d82"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/74decaab6437094783853b531a5c6538cce8f58f",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "getContextForResourcesEnsuringCorrectCachedApkPaths"
},
"digest": {
"length": 646.0,
"function_hash": "257213081514596335773029329328861159102"
},
"id": "ASB-A-376028556-7c68b405"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "getContextForResourcesEnsuringCorrectCachedApkPaths"
},
"digest": {
"length": 498.0,
"function_hash": "44267461180890547027152803667894507120"
},
"id": "ASB-A-376028556-7f8bb76e"
}
],
"spl": "2025-08-01",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"https://googleplex-android.googlesource.com/platform/frameworks/base/+/74decaab6437094783853b531a5c6538cce8f58f"
],
"vanir_signatures": [
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
},
"digest": {
"line_hashes": [
"318234594094662068002484417868747089067",
"182386947253532100009025391654763344194",
"87677038499845687213759823017604232290",
"24507967960209582836110983789526298922",
"162279423724481408727853140535117008086",
"75830114779997666176380992247571000424",
"49993412477641560706602780063922255274",
"23180009778622539445744752984951650682",
"313977016376867192122004067118789107723",
"212459228085423789148790693478525358025"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-0724cf3f"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "getContextForResourcesEnsuringCorrectCachedApkPaths"
},
"digest": {
"length": 498.0,
"function_hash": "44267461180890547027152803667894507120"
},
"id": "ASB-A-376028556-072b73f5"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/appwidget/AppWidgetHostView.java"
},
"digest": {
"line_hashes": [
"60572629492590297840456768738415091448",
"144323628469773383207646836358154214589",
"56100440564626564148927788202225199279",
"182457261934353766884995230083905103433",
"162971304618568272302697295564415965188",
"188876170376131029959506706797995509482",
"139233690523893845817630690491165993601",
"265034440336697184124993520094900138660",
"245332457772070601353817074430416317292"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-293edf15"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/74decaab6437094783853b531a5c6538cce8f58f",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
},
"digest": {
"line_hashes": [
"84484373518894387911584593931132927087",
"93670588842877633913137203373506632018",
"167507575764890214064131824667935172071",
"330670205545994997749963707185099131062",
"195917442012834482912918296902701406262",
"212942900104374883755297734187311322641",
"14634178386523754295676520909094304743"
],
"threshold": 0.9
},
"id": "ASB-A-376028556-3f687a19"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/74decaab6437094783853b531a5c6538cce8f58f",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "getContextForResourcesEnsuringCorrectCachedApkPaths"
},
"digest": {
"length": 646.0,
"function_hash": "257213081514596335773029329328861159102"
},
"id": "ASB-A-376028556-b15457d7"
},
{
"deprecated": false,
"source": "https://googleplex-android.googlesource.com/platform/frameworks/base/+/85985722a6e7b3eee16be2e66e170f83f37f6561",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "core/java/android/appwidget/AppWidgetHostView.java",
"function": "getRemoteContextEnsuringCorrectCachedApkPath"
},
"digest": {
"length": 608.0,
"function_hash": "287949419893118345749572534792311138713"
},
"id": "ASB-A-376028556-ec71032f"
}
],
"spl": "2025-08-01",
"types": [
"EoP"
]
}