{"id":"ASB-A-381885240","details":"In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-381885240","CVE-2025-48583"],"modified":"2026-04-07T15:34:34.465012Z","published":"2025-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/02751bc65824a3877bdc21d865cd801b5e9f5e6c"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2-next:0"},{"fixed":"16-qpr2-next:2025-12-01"}]}],"versions":["16-qpr2-next"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["143619953344380945349808832383999587221","286088482419454752897083668920640001028","170858495998197863390290425140665273806","110615400924175761923546864167627389257","199891992987289089874250973339042272847","108749806646176519988174016819229327407","332360363119861887931150936650991658935","174920013543140927271118897934018274379","284292221036374919610912170287316426200","214350779031284022919206397139237238953","173746568786115240580331887774006254272","2518371267182303715587143145828960760","112835875679903889994993851412138680665","50255930011592675186927123601724888890","96855873368237677560094400731679834550","142704835177258080254798267019474560819","238204882528022809087318930772490743983","145042412466049663842034692563728188068","185453565943576272065608264474601783247","290904611754225128135947127671502448015","190122645023913448121459157689719092314","25989062265017724637505550613762711282"]},"id":"ASB-A-381885240-019555dc","target":{"file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df","signature_type":"Line","signature_version":"v1"},{"digest":{"length":671,"function_hash":"284473703658618539898650731140527865345"},"id":"ASB-A-381885240-30e56d8e","target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df","signature_type":"Function","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["276403105727619370977907454966767100842","90835928758325504502206226486271879416","266439707727820777743736932449010458894","208177590637606379406118141748126922086","197417365152524084707194007660260456893","208202833007587115966697612462513679461","136635482043147512751793536099562546364","65236846875928434332512998728998408481","140543593771012306847280793686663577554","148487913652039469187015729328764216376"]},"id":"ASB-A-381885240-57793c5f","target":{"file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df","signature_type":"Line","signature_version":"v1"},{"digest":{"length":236,"function_hash":"46006982700023270702211945646139599328"},"id":"ASB-A-381885240-6845f0a4","target":{"function":"clear","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df","signature_type":"Function","signature_version":"v1"},{"digest":{"length":106,"function_hash":"7014720804021016047949783468580237037"},"match_only_versions":["16-qpr2-next"],"target":{"function":"recycleParcel","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df","signature_type":"Function","id":"ASB-A-381885240-7c6b7a3f","signature_version":"v1"},{"digest":{"length":158,"function_hash":"285475719585484225080224746270989837680"},"match_only_versions":["16-qpr2-next"],"target":{"function":"freeBuffer","file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df","signature_type":"Function","id":"ASB-A-381885240-95203fb3","signature_version":"v1"},{"digest":{"length":736,"function_hash":"200759266969230290661157772594372078853"},"id":"ASB-A-381885240-9dab69cd","target":{"function":"unwrapLazyValueFromMapLocked","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df","signature_type":"Function","signature_version":"v1"},{"digest":{"length":1385,"function_hash":"260380739112932968784793290585938158310"},"id":"ASB-A-381885240-bf5ffa63","target":{"function":"initializeFromParcelLocked","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df","signature_type":"Function","signature_version":"v1"}],"spl":"2025-12-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/266bbcd030ff34d09a3adb226b9fc32184c3b7df"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-381885240.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-12-01"}]}],"versions":["15"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"length":236,"function_hash":"46006982700023270702211945646139599328"},"id":"ASB-A-381885240-49e5b5e2","target":{"function":"clear","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9","signature_type":"Function","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["143619953344380945349808832383999587221","286088482419454752897083668920640001028","170858495998197863390290425140665273806","110615400924175761923546864167627389257","199891992987289089874250973339042272847","108749806646176519988174016819229327407","332360363119861887931150936650991658935","174920013543140927271118897934018274379","284292221036374919610912170287316426200","214350779031284022919206397139237238953","173746568786115240580331887774006254272","2518371267182303715587143145828960760","112835875679903889994993851412138680665","50255930011592675186927123601724888890","96855873368237677560094400731679834550","142704835177258080254798267019474560819","238204882528022809087318930772490743983","145042412466049663842034692563728188068","185453565943576272065608264474601783247","290904611754225128135947127671502448015","190122645023913448121459157689719092314","25989062265017724637505550613762711282"]},"id":"ASB-A-381885240-51b80ef6","target":{"file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9","signature_type":"Line","signature_version":"v1"},{"digest":{"length":1393,"function_hash":"337646080539226973219399309200324501582"},"id":"ASB-A-381885240-64b1c748","target":{"function":"initializeFromParcelLocked","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9","signature_type":"Function","signature_version":"v1"},{"digest":{"length":106,"function_hash":"7014720804021016047949783468580237037"},"match_only_versions":["15"],"target":{"function":"recycleParcel","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9","signature_type":"Function","id":"ASB-A-381885240-6bbd5b9a","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["80012019449043672887609934038642438131","90835928758325504502206226486271879416","266439707727820777743736932449010458894","208177590637606379406118141748126922086","197417365152524084707194007660260456893","208202833007587115966697612462513679461","136635482043147512751793536099562546364","65236846875928434332512998728998408481","140543593771012306847280793686663577554","148487913652039469187015729328764216376"]},"id":"ASB-A-381885240-6d127747","target":{"file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9","signature_type":"Line","signature_version":"v1"},{"digest":{"length":736,"function_hash":"200759266969230290661157772594372078853"},"id":"ASB-A-381885240-9f403207","target":{"function":"unwrapLazyValueFromMapLocked","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9","signature_type":"Function","signature_version":"v1"},{"digest":{"length":158,"function_hash":"285475719585484225080224746270989837680"},"match_only_versions":["15"],"target":{"function":"freeBuffer","file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9","signature_type":"Function","id":"ASB-A-381885240-e21e66df","signature_version":"v1"},{"digest":{"length":624,"function_hash":"330302876922501969320285702144363611443"},"id":"ASB-A-381885240-f86a8e87","target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9","signature_type":"Function","signature_version":"v1"}],"spl":"2025-12-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/728a21be645b3f9f5c0dcdd0b07168ad3d438fb9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-381885240.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16:0"},{"fixed":"16:2025-12-01"}]}],"versions":["16"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["143619953344380945349808832383999587221","286088482419454752897083668920640001028","170858495998197863390290425140665273806","110615400924175761923546864167627389257","199891992987289089874250973339042272847","108749806646176519988174016819229327407","332360363119861887931150936650991658935","174920013543140927271118897934018274379","284292221036374919610912170287316426200","214350779031284022919206397139237238953","173746568786115240580331887774006254272","2518371267182303715587143145828960760","112835875679903889994993851412138680665","50255930011592675186927123601724888890","96855873368237677560094400731679834550","142704835177258080254798267019474560819","238204882528022809087318930772490743983","145042412466049663842034692563728188068","185453565943576272065608264474601783247","290904611754225128135947127671502448015","190122645023913448121459157689719092314","25989062265017724637505550613762711282"]},"id":"ASB-A-381885240-18cd1d92","target":{"file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b","signature_type":"Line","signature_version":"v1"},{"digest":{"length":736,"function_hash":"200759266969230290661157772594372078853"},"id":"ASB-A-381885240-32da1ea2","target":{"function":"unwrapLazyValueFromMapLocked","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b","signature_type":"Function","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["276403105727619370977907454966767100842","90835928758325504502206226486271879416","266439707727820777743736932449010458894","208177590637606379406118141748126922086","197417365152524084707194007660260456893","208202833007587115966697612462513679461","136635482043147512751793536099562546364","65236846875928434332512998728998408481","140543593771012306847280793686663577554","148487913652039469187015729328764216376"]},"id":"ASB-A-381885240-43833c4a","target":{"file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b","signature_type":"Line","signature_version":"v1"},{"digest":{"length":1385,"function_hash":"260380739112932968784793290585938158310"},"id":"ASB-A-381885240-bb617986","target":{"function":"initializeFromParcelLocked","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b","signature_type":"Function","signature_version":"v1"},{"digest":{"length":106,"function_hash":"7014720804021016047949783468580237037"},"match_only_versions":["16"],"target":{"function":"recycleParcel","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b","signature_type":"Function","id":"ASB-A-381885240-bfb580ff","signature_version":"v1"},{"digest":{"length":158,"function_hash":"285475719585484225080224746270989837680"},"match_only_versions":["16"],"target":{"function":"freeBuffer","file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b","signature_type":"Function","id":"ASB-A-381885240-c09c01cb","signature_version":"v1"},{"digest":{"length":671,"function_hash":"284473703658618539898650731140527865345"},"id":"ASB-A-381885240-d834cb59","target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b","signature_type":"Function","signature_version":"v1"},{"digest":{"length":236,"function_hash":"46006982700023270702211945646139599328"},"id":"ASB-A-381885240-e0445e21","target":{"function":"clear","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b","signature_type":"Function","signature_version":"v1"}],"spl":"2025-12-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/d20f3599f89388d181735db351879d2487cc331b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-381885240.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-12-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"length":236,"function_hash":"46006982700023270702211945646139599328"},"id":"ASB-A-381885240-0650f8df","target":{"function":"clear","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237","signature_type":"Function","signature_version":"v1"},{"digest":{"length":1393,"function_hash":"337646080539226973219399309200324501582"},"id":"ASB-A-381885240-09fd8713","target":{"function":"initializeFromParcelLocked","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237","signature_type":"Function","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["133025951392166269319845581268729694295","12671139100329101586010429016059707143","162299566821264737775330129930731748761","191715323902013075878596258919932203361","88697305904844850341107239285722538069","210247925931020430629991040574406743056","326795662881850518015248135513219353414","332360363119861887931150936650991658935","174920013543140927271118897934018274379","284292221036374919610912170287316426200","214350779031284022919206397139237238953","173746568786115240580331887774006254272","2518371267182303715587143145828960760","112835875679903889994993851412138680665","50255930011592675186927123601724888890","96855873368237677560094400731679834550","142704835177258080254798267019474560819","238204882528022809087318930772490743983","145042412466049663842034692563728188068","185453565943576272065608264474601783247","290904611754225128135947127671502448015","190122645023913448121459157689719092314","25989062265017724637505550613762711282"]},"id":"ASB-A-381885240-1eb53a8b","target":{"file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237","signature_type":"Line","signature_version":"v1"},{"digest":{"length":158,"function_hash":"285475719585484225080224746270989837680"},"match_only_versions":["14"],"target":{"function":"freeBuffer","file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237","signature_type":"Function","id":"ASB-A-381885240-6a24dc90","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["80012019449043672887609934038642438131","90835928758325504502206226486271879416","266439707727820777743736932449010458894","208177590637606379406118141748126922086","197417365152524084707194007660260456893","208202833007587115966697612462513679461","136635482043147512751793536099562546364","65236846875928434332512998728998408481","140543593771012306847280793686663577554","148487913652039469187015729328764216376"]},"id":"ASB-A-381885240-ad8f260d","target":{"file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237","signature_type":"Line","signature_version":"v1"},{"digest":{"length":818,"function_hash":"289686390697361430917964490623996917519"},"id":"ASB-A-381885240-c0d25df3","target":{"function":"unwrapLazyValueFromMapLocked","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237","signature_type":"Function","signature_version":"v1"},{"digest":{"length":624,"function_hash":"330302876922501969320285702144363611443"},"id":"ASB-A-381885240-c48983f6","target":{"function":"recycle","file":"core/java/android/os/Parcel.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237","signature_type":"Function","signature_version":"v1"},{"digest":{"length":106,"function_hash":"7014720804021016047949783468580237037"},"match_only_versions":["14"],"target":{"function":"recycleParcel","file":"core/java/android/os/BaseBundle.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237","signature_type":"Function","id":"ASB-A-381885240-f4dbdd35","signature_version":"v1"}],"spl":"2025-12-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba507647771b8a8c3481e192a1ba6c8027305237"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-381885240.json"}}],"schema_version":"1.7.5"}