{"id":"ASB-A-433746973","details":"In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-433746973","CVE-2026-0025"],"modified":"2026-04-17T15:55:28.020024Z","published":"2026-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2026-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/014dea279c49d532bc4fbbdebbc024133967b6a8"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2-next:0"},{"fixed":"16-qpr2-next:2026-03-01"}]}],"versions":["16-qpr2-next"],"ecosystem_specific":{"severity":"High","spl":"2026-03-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Line","id":"ASB-A-433746973-116e710d","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb","digest":{"line_hashes":["208457733616812906224072334317441311486","177741000024498610159506990581220824865","246827322931647878402727532051987708110","366885149601952916460938894739865235","234143833201926822247770025081733917375","114943680788978231257779752178005008740","192576508593764210838752494662788023850","116813442933041783963474251816540213764","257152848526048718978114734189840107168","303275495934743804745592230443152619800","298379860440521963031288225963188269361","23429470870889590322777105974998790777","37632166122149386811223787386280723680","5252976747246714009360738678155877081","85395014211052402365053891356592096893","288384680890765465103422898482727070452","335490982615414724704982197380408897798","97917139651027726768513675619098556566","228799725567654130447136930544436091864","37845789811354991732956325964285322222","110177719128765197004277074762828482508","234656496459289722207609407715090371710"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-5648c433","target":{"function":"restoreFromExtras","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb","digest":{"length":848,"function_hash":"222862161965606227208221585316443210496"}},{"deprecated":false,"match_only_versions":["16-qpr2-next"],"id":"ASB-A-433746973-76bcee79","target":{"file":"packages/SystemUI/src/com/android/systemui/people/NotificationHelper.java"},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb","digest":{"line_hashes":["271970879545183213048976685239564649552","256309662455536330311331838685129896281","337576367368607241813693656732624169277","293270563471319284243892340092297590869","207884255240402107614090257996188795272","195704373898344098143959282056482778135","74089123099812119618810142444649031038","26309697718932733755802101959838141910"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-807135e9","target":{"function":"getMessagingStyleMessages","file":"packages/SystemUI/src/com/android/systemui/people/NotificationHelper.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4f75b823796641615583fee0b03a37db6139e9e2","digest":{"length":451,"function_hash":"252317402073980250186722477669218326045"}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-80de7cf0","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb","digest":{"length":3034,"function_hash":"156289883570323766609605117093722529858"}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-85cf7b35","target":{"function":"hasImage","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb","digest":{"length":500,"function_hash":"282702296223219099501557654338978723164"}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","id":"ASB-A-433746973-c0d3da3f","target":{"file":"packages/SystemUI/src/com/android/systemui/people/NotificationHelper.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4f75b823796641615583fee0b03a37db6139e9e2","digest":{"line_hashes":["244118638129313130557854724885127005822","166641002803337483219430292399830492341","266306969800215601446364302984980401443","310041130600403422503644795569821551019","269481190831618501634409597190761555953"],"threshold":0.9}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb","https://android.googlesource.com/platform/frameworks/base/+/4f75b823796641615583fee0b03a37db6139e9e2"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-433746973.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2026-03-01"}]}],"versions":["15"],"ecosystem_specific":{"severity":"High","spl":"2026-03-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-065d04ab","target":{"function":"hasImage","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d","digest":{"length":500,"function_hash":"282702296223219099501557654338978723164"}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-945b38cd","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d","digest":{"length":2658,"function_hash":"14872119413519754712221561025011505500"}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","id":"ASB-A-433746973-e5172a75","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d","digest":{"line_hashes":["208457733616812906224072334317441311486","177741000024498610159506990581220824865","246827322931647878402727532051987708110","366885149601952916460938894739865235","234143833201926822247770025081733917375","114943680788978231257779752178005008740","192576508593764210838752494662788023850","116813442933041783963474251816540213764","257152848526048718978114734189840107168","303275495934743804745592230443152619800","298379860440521963031288225963188269361","23429470870889590322777105974998790777","37632166122149386811223787386280723680","5252976747246714009360738678155877081","85395014211052402365053891356592096893","288384680890765465103422898482727070452","335490982615414724704982197380408897798","97917139651027726768513675619098556566","228799725567654130447136930544436091864","37845789811354991732956325964285322222","110177719128765197004277074762828482508","234656496459289722207609407715090371710"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-f5702178","target":{"function":"restoreFromExtras","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d","digest":{"length":848,"function_hash":"222862161965606227208221585316443210496"}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-433746973.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16:0"},{"fixed":"16:2026-03-01"}]}],"versions":["16"],"ecosystem_specific":{"severity":"High","spl":"2026-03-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-2e9febd7","target":{"function":"restoreFromExtras","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78","digest":{"length":848,"function_hash":"222862161965606227208221585316443210496"}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-4e25bffb","target":{"function":"hasImage","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78","digest":{"length":500,"function_hash":"282702296223219099501557654338978723164"}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","id":"ASB-A-433746973-867d6dc5","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78","digest":{"line_hashes":["208457733616812906224072334317441311486","177741000024498610159506990581220824865","246827322931647878402727532051987708110","366885149601952916460938894739865235","234143833201926822247770025081733917375","114943680788978231257779752178005008740","192576508593764210838752494662788023850","116813442933041783963474251816540213764","257152848526048718978114734189840107168","303275495934743804745592230443152619800","298379860440521963031288225963188269361","23429470870889590322777105974998790777","37632166122149386811223787386280723680","5252976747246714009360738678155877081","85395014211052402365053891356592096893","288384680890765465103422898482727070452","335490982615414724704982197380408897798","97917139651027726768513675619098556566","228799725567654130447136930544436091864","37845789811354991732956325964285322222","110177719128765197004277074762828482508","234656496459289722207609407715090371710"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-c1b9e230","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78","digest":{"length":2951,"function_hash":"308418045487389591573365703911278494154"}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-433746973.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2:0"},{"fixed":"16-qpr2:2026-03-01"}]}],"versions":["16-qpr2"],"ecosystem_specific":{"severity":"High","spl":"2026-03-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-0ab29497","target":{"function":"hasImage","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5","digest":{"length":500,"function_hash":"282702296223219099501557654338978723164"}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-68f7f988","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5","digest":{"length":2951,"function_hash":"308418045487389591573365703911278494154"}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","id":"ASB-A-433746973-a7c43e9d","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5","digest":{"line_hashes":["208457733616812906224072334317441311486","177741000024498610159506990581220824865","246827322931647878402727532051987708110","366885149601952916460938894739865235","234143833201926822247770025081733917375","114943680788978231257779752178005008740","192576508593764210838752494662788023850","116813442933041783963474251816540213764","257152848526048718978114734189840107168","303275495934743804745592230443152619800","298379860440521963031288225963188269361","23429470870889590322777105974998790777","37632166122149386811223787386280723680","5252976747246714009360738678155877081","85395014211052402365053891356592096893","288384680890765465103422898482727070452","335490982615414724704982197380408897798","97917139651027726768513675619098556566","228799725567654130447136930544436091864","37845789811354991732956325964285322222","110177719128765197004277074762828482508","234656496459289722207609407715090371710"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-d8bf2eee","target":{"function":"restoreFromExtras","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5","digest":{"length":848,"function_hash":"222862161965606227208221585316443210496"}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-433746973.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2026-03-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","spl":"2026-03-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-591a4c76","target":{"function":"hasImage","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604","digest":{"length":500,"function_hash":"282702296223219099501557654338978723164"}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-7e03ab73","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604","digest":{"length":2658,"function_hash":"14872119413519754712221561025011505500"}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","id":"ASB-A-433746973-8276fd20","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604","digest":{"line_hashes":["208457733616812906224072334317441311486","177741000024498610159506990581220824865","246827322931647878402727532051987708110","366885149601952916460938894739865235","234143833201926822247770025081733917375","114943680788978231257779752178005008740","192576508593764210838752494662788023850","116813442933041783963474251816540213764","257152848526048718978114734189840107168","303275495934743804745592230443152619800","298379860440521963031288225963188269361","23429470870889590322777105974998790777","37632166122149386811223787386280723680","5252976747246714009360738678155877081","85395014211052402365053891356592096893","288384680890765465103422898482727070452","335490982615414724704982197380408897798","97917139651027726768513675619098556566","228799725567654130447136930544436091864","37845789811354991732956325964285322222","110177719128765197004277074762828482508","234656496459289722207609407715090371710"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"ASB-A-433746973-dacf161f","target":{"function":"restoreFromExtras","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604","digest":{"length":848,"function_hash":"222862161965606227208221585316443210496"}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-433746973.json"}}],"schema_version":"1.7.5"}