{"id":"ASB-A-313909156","details":"In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-313909156","CVE-2025-26420"],"modified":"2026-05-01T15:24:27.653932Z","published":"2025-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Permission/+/6bed47f63ec0600b3c57388449db37405c68dc58"}],"affected":[{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-05-01"}]}],"versions":["15-next"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3"],"vanir_signatures":[{"id":"ASB-A-313909156-1484b1ce","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"onPermissionGrantResult"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3","signature_version":"v1","digest":{"length":660,"function_hash":"129748535921948931016636929286576884070"}},{"id":"ASB-A-313909156-1635c9c3","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"setResultIfNeeded"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3","signature_version":"v1","digest":{"length":974,"fun
ction_hash":"237257450632212944378772553299579119159"}},{"id":"ASB-A-313909156-7d8a4bff","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"showNextRequest"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3","signature_version":"v1","digest":{"length":3188,"function_hash":"206204665237318696419502987127570188075"}},{"id":"ASB-A-313909156-cbb9235f","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"},"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":[]}},{"id":"ASB-A-313909156-f048cc05","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"onNewFollowerActivity"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3","signature_version":"v1","digest":{"length":1155,"function_hash":"83460400433071553615773067354470702856"}},{"id":"ASB-A-313909156-fb709239","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"onCreate"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4695447d05449dc66412a16bc643556443a344e3","signature_version":"v1","digest":{"length":5315,"function_hash":"101284071973521971571371948875634833276"}}],"spl":"2025-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-313909156.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-05-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/32
21a7d15d9a04e77286c5ec7c4a0704b046eb6f"],"vanir_signatures":[{"id":"ASB-A-313909156-12e11f95","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"},"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":[]}},{"id":"ASB-A-313909156-135f77f4","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"onNewFollowerActivity"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f","signature_version":"v1","digest":{"length":1042,"function_hash":"107455685653883416543601653703477760979"}},{"id":"ASB-A-313909156-2f836a6d","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"onCreate"},"deprecated":false,"signature_type":"Function","source":"https://an
droid.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f","signature_version":"v1","digest":{"length":3598,"function_hash":"43415802790324639296660759328168713527"}},{"id":"ASB-A-313909156-b39ffa25","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"showNextRequest"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f","signature_version":"v1","digest":{"length":3404,"function_hash":"75188701020156754185154146360564094075"}},{"id":"ASB-A-313909156-dfeb111a","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"setResultIfNeeded"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/3221a7d15d9a04e77286c5ec7c4a0704b046eb6f","signature_version":"v1","digest":{"length":1034,"function_hash":"25361191611248642495133093634276748683"}}],"spl":"2025-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-313909156.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-05-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15"],"vanir_signatures":[{"id":"ASB-A-313909156-14d48b76","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"setResultIfNeeded"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c50
61a15","signature_version":"v1","digest":{"length":974,"function_hash":"237257450632212944378772553299579119159"}},{"id":"ASB-A-313909156-ae4d2d2a","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"onPermissionGrantResult"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15","signature_version":"v1","digest":{"length":713,"function_hash":"227238115004879789209026603632572205352"}},{"id":"ASB-A-313909156-b62ecbb3","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"onNewFollowerActivity"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15","signature_version":"v1","digest":{"length":1107,"function_hash":"106696359717779765718922639010542398770"}},{"id":"ASB-A-313909156-d960f34f","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"onCreate"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15","signature_version":"v1","digest":{"length":4183,"function_hash":"25469503402566239287213414969245609240"}},{"id":"ASB-A-313909156-e41433a4","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java"},"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":[]}},{"id":"ASB-A-313909156-f4cb10e3","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java","function":"showNextRequest"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/614473242f9e05a3f6e5e09ae8f18851c5061a15","signature_version":"v1","digest":{"length":3927,"function_hash":"262115217165135187817753145753767328264"}}],"spl":"2025-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-313909156.json"}}],"schema_version":"1.7.5"}