{"id":"ASB-A-364269936","details":"In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-364269936","CVE-2025-0086"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2025-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/c1aa9e662464b8fa49765d53a82efa8e06bb176a"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-03-01"}]}],"versions":["15-next"],"ecosystem_specific":{"severity":"High","types":["ID"],"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["123305668631491033522027694632370231585","224732698434302563041434915166756011046","205404181425846687776667119004667096634","76820784500846999543517257071379453469"]},"signature_version":"v1","signature_type":"Line","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a3788486f2c7f728721c9700f7485f865b462609","id":"ASB-A-364269936-37123902","deprecated":false},{"digest":{"function_hash":"56630234660728534258575613068103318844","length":1663},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/a3788486f2c7f728721c9700f7485f865b462609","target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-364269936-daf0cc35"},{"digest":{"function_hash":"21158274808230286130764613672950974242","length":5708},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/a3788486f2c7f728721c9700f7485f865b462609","target":{"function":"getAuthToken","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","deprecated":false,"id":"ASB-A-364269936-fd6484b2"}],"spl":"2025-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/a3788486f2c7f728721c9700f7485f865b462609"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-364269936.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2025-03-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["ID"],"vanir_signatures":[{"digest":{"function_hash":"261227585194831626479415770564533148761","length":1606},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","deprecated":false,"id":"ASB-A-364269936-10ead25a"},{"digest":{"threshold":0.9,"line_hashes":["123305668631491033522027694632370231585","224732698434302563041434915166756011046","205404181425846687776667119004667096634","76820784500846999543517257071379453469"]},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","id":"ASB-A-364269936-2cb2662d","deprecated":false},{"id":"ASB-A-364269936-ef1003a1","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"function":"getAuthToken","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","digest":{"function_hash":"161437446397472161643142010427827157748","length":5514},"deprecated":false}],"spl":"2025-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-364269936.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2025-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["ID"],"vanir_signatures":[{"id":"ASB-A-364269936-17afc7ed","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"function":"getAuthToken","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","digest":{"function_hash":"161437446397472161643142010427827157748","length":5514},"deprecated":false},{"id":"ASB-A-364269936-2200cc66","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","digest":{"function_hash":"261227585194831626479415770564533148761","length":1606},"deprecated":false},{"id":"ASB-A-364269936-3a2b0c58","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","digest":{"line_hashes":["123305668631491033522027694632370231585","224732698434302563041434915166756011046","205404181425846687776667119004667096634","76820784500846999543517257071379453469"],"threshold":0.9},"deprecated":false}],"spl":"2025-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-364269936.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-03-01"}]}],"versions":["15"],"ecosystem_specific":{"severity":"High","types":["ID"],"vanir_signatures":[{"digest":{"function_hash":"56630234660728534258575613068103318844","length":1663},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/87b546c56dfa8259508c108cd9726090cef31856","target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","id":"ASB-A-364269936-18779794","deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["123305668631491033522027694632370231585","224732698434302563041434915166756011046","205404181425846687776667119004667096634","76820784500846999543517257071379453469"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/87b546c56dfa8259508c108cd9726090cef31856","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-364269936-c6099bfa"},{"digest":{"function_hash":"21158274808230286130764613672950974242","length":5708},"signature_version":"v1","signature_type":"Function","target":{"function":"getAuthToken","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/87b546c56dfa8259508c108cd9726090cef31856","id":"ASB-A-364269936-f943985b","deprecated":false}],"spl":"2025-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/87b546c56dfa8259508c108cd9726090cef31856"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-364269936.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-03-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","types":["ID"],"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["123305668631491033522027694632370231585","224732698434302563041434915166756011046","205404181425846687776667119004667096634","76820784500846999543517257071379453469"]},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-364269936-03bb949b"},{"digest":{"function_hash":"161437446397472161643142010427827157748","length":5514},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"function":"getAuthToken","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","id":"ASB-A-364269936-49ce785b","deprecated":false},{"digest":{"function_hash":"261227585194831626479415770564533148761","length":1606},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-364269936-6c6ae83c"}],"spl":"2025-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-364269936.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-03-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","types":["ID"],"vanir_signatures":[{"digest":{"function_hash":"161437446397472161643142010427827157748","length":5514},"deprecated":false,"signature_type":"Function","target":{"function":"getAuthToken","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","signature_version":"v1","id":"ASB-A-364269936-379467a2"},{"id":"ASB-A-364269936-8ac44097","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Function","digest":{"function_hash":"261227585194831626479415770564533148761","length":1606},"deprecated":false},{"digest":{"line_hashes":["123305668631491033522027694632370231585","224732698434302563041434915166756011046","205404181425846687776667119004667096634","76820784500846999543517257071379453469"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-364269936-c5c8c55b"}],"spl":"2025-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb41e444fd13d26477175c6154491d49e736d11e"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-364269936.json"}}],"schema_version":"1.7.5"}