{"id":"ASB-A-465136263","details":"In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-465136263","CVE-2026-0047"],"modified":"2026-04-17T15:55:28.020024Z","published":"2026-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2026-03-01"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2-next:0"},{"fixed":"16-qpr2-next:2026-03-01"}]}],"versions":["16-qpr2-next"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"length":1232,"function_hash":"21128332452886656275562663077176601702"},"signature_version":"v1","deprecated":false,"id":"ASB-A-465136263-3ac46c85","target":{"function":"dumpBitmapsProto","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/93b72e5a84815c09d5eac89fe8f974a44002c629"},{"digest":{"line_hashes":["135847629834073259482915061400405200012","59615673537238681213198311659771632883","1195061245766985327477020871338641001","253619028242178363216164218344831101310","294216549771636212895272919807500584181","293907812766888931408875549705543176387","263478474317811734063586376302288614067","327991050050507119600291349831124900471"],"threshold":0.9},"signature_version":"v1","deprecated":false,"id":"ASB-A-465136263-82ffec36","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/93b72e5a84815c09d5eac89fe8f974a44002c629"}],"spl":"2026-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/93b72e5a84815c09d5eac89fe8f974a44002c629"],"types":["EoP"],"severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-465136263.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2:0"},{"fixed":"16-qpr2:2026-03-01"}]}],"versions":["16-qpr2"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"line_hashes":["135847629834073259482915061400405200012","59615673537238681213198311659771632883","1195061245766985327477020871338641001","253619028242178363216164218344831101310","294216549771636212895272919807500584181","293907812766888931408875549705543176387","263478474317811734063586376302288614067","327991050050507119600291349831124900471"],"threshold":0.9},"signature_version":"v1","deprecated":false,"id":"ASB-A-465136263-e745f978","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/70d95430379ece974722a1044cb693371412b636"},{"digest":{"length":1232,"function_hash":"21128332452886656275562663077176601702"},"signature_version":"v1","deprecated":false,"id":"ASB-A-465136263-e8bfa94f","target":{"function":"dumpBitmapsProto","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/70d95430379ece974722a1044cb693371412b636"}],"spl":"2026-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/70d95430379ece974722a1044cb693371412b636"],"types":["EoP"],"severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-465136263.json"}}],"schema_version":"1.7.5"}