{"id":"ASB-A-371975420","details":"In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-371975420","CVE-2024-49732"],"modified":"2026-04-17T15:55:28.020024Z","published":"2025-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/076a97aa32492cc44e863f7ab75494dc0b3bf5ef"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-01-01"}]}],"versions":["15-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"325547799349776628956852058422162887335","length":86},"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"enablePermissionsSync"},"signature_version":"v1","deprecated":false,"id":"ASB-A-371975420-645622a5","source":"https://android.googlesource.com/platform/frameworks/base/+/7e5e47611d6f3271df264bb8ca9545ca3ba80361"},{"signature_type":"Function","digest":{"function_hash":"325547799349776628956852058422162887335","length":86},"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"disablePermissionsSync"},"signature_version":"v1","deprecated":false,"id":"ASB-A-371975420-8c5fec4b","source":"https://android.googlesource.com/platform/frameworks/base/+/7e5e47611d6f3271df264bb8ca9545ca3ba80361"},{"signature_type":"Function","digest":{"function_hash":"184969778027347715404234350735920144006","length":93},"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"getPermissionSyncRequest"},"signature_version":"v1","deprecated":false,"id":"ASB-A-371975420-aee88cd6","source":"https://android.googlesource.com/platform/frameworks/base/+/7e5e47611d6f3271df264bb8ca9545ca3ba80361"},{"signature_type":"Line","digest":{"line_hashes":["31383610075177406818730483972757974460","94427483219342024353394234258568613019","279611850105123945749576903241054973737","295091891336711870713095889099124920231","293290536639458632448642867313917577954","115179478063496338277254319452012577918","100729554523683161047881112879348806003","140040083095464383787596444328554164057","18538333375630601579707101631068815489","284039753809038667627430981028587418684","304070470983574557448026563449469075677","30304423151255348775357260736044561574"],"threshold":0.9},"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-371975420-cc29bf53","source":"https://android.googlesource.com/platform/frameworks/base/+/7e5e47611d6f3271df264bb8ca9545ca3ba80361"}],"severity":"High","spl":"2025-01-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7e5e47611d6f3271df264bb8ca9545ca3ba80361"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-371975420.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-01-01"}]}],"versions":["15"],"ecosystem_specific":{"severity":"High","spl":"2025-01-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/08f57da9e39869f696de4225197530aa2b9187e8"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-371975420.json"}}],"schema_version":"1.7.5"}