{"id":"ASB-A-233605527","details":"In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.","aliases":["A-233605527","CVE-2024-43765"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2025-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/6a1dd25117d5406d3befe404335202623778736a"}],"affected":[{"package":{"name":"platform/packages/apps/DocumentsUI","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-01-01"}]}],"versions":["15-next"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/f19514065f9807f579d3cbb45feee96184f36411"],"vanir_signatures":[{"target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java"},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/f19514065f9807f579d3cbb45feee96184f36411","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["271386596174838460193387806319468664293","246810172530391874320035258365755324038","234733233448374129766506202653716240446","304319747724297934888211609965756361563","301521369216643593970466158097590294188","84717479905374598172268611885049970860","295415119472706017610704514205668575047","260913852173745355656013809836594692834"]},"id":"ASB-A-233605527-7bc0b080","deprecated":false},{"target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java","function":"onCreateDialog"},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/f19514065f9807f579d3cbb45feee96184f36411","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"99751798087559639081598668288973230162","length":1314},"id":"ASB-A-233605527-7de0e05e","deprecated":false},{"target":{"file":"src/com/android/documentsui/BaseActivity.java","function":"onCreate"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/f19514065f9807f579d3cbb45feee96184f36411","digest":{"function_hash":"169336749586218159473139282774134854889","length":4243},"id":"ASB-A-233605527-b2cb59af","deprecated":false},{"target":{"file":"src/com/android/documentsui/BaseActivity.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["139897962216699736742181233425162167032","220590923285174547950214650603364643732","77262789827853445517462766554704932148"]},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/f19514065f9807f579d3cbb45feee96184f36411","signature_version":"v1","id":"ASB-A-233605527-bd84f76c","deprecated":false}],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233605527.json"}},{"package":{"name":"platform/packages/apps/DocumentsUI","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2025-01-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/2de5d72a3cd83be5adafd00bfef50850784c21c9"],"vanir_signatures":[{"target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java"},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/2de5d72a3cd83be5adafd00bfef50850784c21c9","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["276381530802206527641111603323052654265","7995517934657804647775531674347883746","251527085332140698884099667620247418761","170028048836128503969773428803977617087","301521369216643593970466158097590294188","84717479905374598172268611885049970860","295415119472706017610704514205668575047","260913852173745355656013809836594692834"]},"id":"ASB-A-233605527-0a4657b4","deprecated":false},{"target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java","function":"onCreateDialog"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/2de5d72a3cd83be5adafd00bfef50850784c21c9","digest":{"function_hash":"99751798087559639081598668288973230162","length":1314},"id":"ASB-A-233605527-615cedc0","deprecated":false},{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/2de5d72a3cd83be5adafd00bfef50850784c21c9","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["139897962216699736742181233425162167032","220590923285174547950214650603364643732","77262789827853445517462766554704932148"]},"id":"ASB-A-233605527-819591f4","target":{"file":"src/com/android/documentsui/BaseActivity.java"}},{"target":{"file":"src/com/android/documentsui/BaseActivity.java","function":"onCreate"},"digest":{"function_hash":"298408937990283233481199121595131026300","length":4127},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/2de5d72a3cd83be5adafd00bfef50850784c21c9","signature_type":"Function","signature_version":"v1","id":"ASB-A-233605527-ea35dca7","deprecated":false}],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233605527.json"}},{"package":{"name":"platform/packages/apps/DocumentsUI","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2025-01-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/14c45fc9056f9841e51533fda4805e8ee5cdce51"],"vanir_signatures":[{"target":{"file":"src/com/android/documentsui/BaseActivity.java"},"digest":{"threshold":0.9,"line_hashes":["139897962216699736742181233425162167032","220590923285174547950214650603364643732","77262789827853445517462766554704932148"]},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/14c45fc9056f9841e51533fda4805e8ee5cdce51","signature_type":"Line","signature_version":"v1","id":"ASB-A-233605527-1a673a0e","deprecated":false},{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/14c45fc9056f9841e51533fda4805e8ee5cdce51","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"99751798087559639081598668288973230162","length":1314},"id":"ASB-A-233605527-2e65bd43","target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java","function":"onCreateDialog"}},{"target":{"file":"src/com/android/documentsui/BaseActivity.java","function":"onCreate"},"digest":{"function_hash":"298408937990283233481199121595131026300","length":4127},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/14c45fc9056f9841e51533fda4805e8ee5cdce51","signature_type":"Function","signature_version":"v1","id":"ASB-A-233605527-5d281394","deprecated":false},{"target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["276381530802206527641111603323052654265","7995517934657804647775531674347883746","251527085332140698884099667620247418761","170028048836128503969773428803977617087","301521369216643593970466158097590294188","84717479905374598172268611885049970860","295415119472706017610704514205668575047","260913852173745355656013809836594692834"]},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/14c45fc9056f9841e51533fda4805e8ee5cdce51","signature_version":"v1","id":"ASB-A-233605527-add44acb","deprecated":false}],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233605527.json"}},{"package":{"name":"platform/packages/apps/DocumentsUI","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-01-01"}]}],"versions":["15"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/5178a952e18ee66f1b3c14796708d0d60058a157"],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233605527.json"}},{"package":{"name":"platform/packages/apps/DocumentsUI","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-01-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c"],"vanir_signatures":[{"target":{"file":"src/com/android/documentsui/BaseActivity.java"},"digest":{"threshold":0.9,"line_hashes":["140832134287710410728917235462454892895","69661308799903031711319181534987625419","36140893569871441780965343496012081278","212613829433508033093884891075251292156","139897962216699736742181233425162167032","220590923285174547950214650603364643732","77262789827853445517462766554704932148"]},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c","signature_type":"Line","signature_version":"v1","id":"ASB-A-233605527-195e02a4","deprecated":false},{"target":{"file":"src/com/android/documentsui/BaseActivity.java","function":"onCreate"},"digest":{"function_hash":"7399082904591817902057891077307787146","length":4028},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c","signature_type":"Function","signature_version":"v1","id":"ASB-A-233605527-38961b6b","deprecated":false},{"target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java"},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["271386596174838460193387806319468664293","246810172530391874320035258365755324038","234733233448374129766506202653716240446","304319747724297934888211609965756361563","301521369216643593970466158097590294188","84717479905374598172268611885049970860","295415119472706017610704514205668575047","260913852173745355656013809836594692834"]},"id":"ASB-A-233605527-4d7a7b44","deprecated":false},{"target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java","function":"onCreateDialog"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c","digest":{"function_hash":"99751798087559639081598668288973230162","length":1314},"id":"ASB-A-233605527-bb4d4a70","deprecated":false}],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233605527.json"}},{"package":{"name":"platform/packages/apps/DocumentsUI","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-01-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c"],"vanir_signatures":[{"target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java","function":"onCreateDialog"},"digest":{"function_hash":"99751798087559639081598668288973230162","length":1314},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c","signature_type":"Function","signature_version":"v1","id":"ASB-A-233605527-0334497b","deprecated":false},{"target":{"file":"src/com/android/documentsui/BaseActivity.java","function":"onCreate"},"signature_type":"Function","digest":{"function_hash":"7399082904591817902057891077307787146","length":4028},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c","signature_version":"v1","id":"ASB-A-233605527-4d424a17","deprecated":false},{"target":{"file":"src/com/android/documentsui/BaseActivity.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["140832134287710410728917235462454892895","69661308799903031711319181534987625419","36140893569871441780965343496012081278","212613829433508033093884891075251292156","139897962216699736742181233425162167032","220590923285174547950214650603364643732","77262789827853445517462766554704932148"]},"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c","signature_version":"v1","id":"ASB-A-233605527-771a40d2","deprecated":false},{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/0f5f4b53ad43b891cc04ef8bd059e28fba1cc44c","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["271386596174838460193387806319468664293","246810172530391874320035258365755324038","234733233448374129766506202653716240446","304319747724297934888211609965756361563","301521369216643593970466158097590294188","84717479905374598172268611885049970860","295415119472706017610704514205668575047","260913852173745355656013809836594692834"]},"id":"ASB-A-233605527-a9cfcd31","target":{"file":"src/com/android/documentsui/picker/ConfirmFragment.java"}}],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233605527.json"}}],"schema_version":"1.7.5"}