{"id":"ASB-A-475228205","details":"In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-475228205","CVE-2026-28578"],"modified":"2026-06-12T15:08:17.296522730Z","published":"2026-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2026-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/48c17df8bdc45e4175a33978791957d460388b72"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"17-next:0"},{"fixed":"17-next:2026-06-01"}]}],"versions":["17-next"],"ecosystem_specific":{"types":["DoS"],"vanir_signatures":[{"id":"ASB-A-475228205-019f769a","signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileCallerIdAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4914d6e98bd25e620867650e0e431df3ad23a886","deprecated":false,"digest":{"function_hash":"303266711130788979874224706005915765840","length":412},"signature_type":"Function"},{"digest":{"function_hash":"207449837630846237906541959011152520299","length":418},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileContactsAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4914d6e98bd25e620867650e0e431df3ad23a886","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-1d2256e2"},{"digest":{"function_hash":"60826015810146396611988331290802557367","length":402},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setCredentialManagerPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4914d6e98bd25e620867650e0e431df3ad23a886","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-925c1201"},{"digest":{"threshold":0.9,"line_hashes":["52303834117526964974535894149334157557","47092742295154542111358333548692782379","218494930842767904347382783561083953502","66193070088668267777623605746202773628","40504487971583235310430996958408732873","47092742295154542111358333548692782379","218494930842767904347382783561083953502","66193070088668267777623605746202773628","262351568022786085567949903422534282026","47092742295154542111358333548692782379","90121249441134976827702512807196265913","227943955620678516408729597126693293077","114447064935241536511235765435006917087","207382626587974545315557577389627551323","201313886097799427127474789421013396700"]},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4914d6e98bd25e620867650e0e431df3ad23a886","deprecated":false,"signature_type":"Line","id":"ASB-A-475228205-b2edc768"}],"severity":"High","spl":"2026-06-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/4914d6e98bd25e620867650e0e431df3ad23a886"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-475228205.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2026-06-01"}]}],"versions":["15"],"ecosystem_specific":{"types":["DoS"],"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setCredentialManagerPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/36421c7d97b00d05fd0be4c7050c3bee59058ad8","deprecated":false,"id":"ASB-A-475228205-14bdd0c4","digest":{"function_hash":"339273458278143368544769738232531133975","length":386}},{"digest":{"function_hash":"285411880379529691995832778404715235780","length":380},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileCallerIdAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/36421c7d97b00d05fd0be4c7050c3bee59058ad8","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-206725a7"},{"digest":{"threshold":0.9,"line_hashes":["52303834117526964974535894149334157557","47092742295154542111358333548692782379","232680074151319339441548200134114675080","309404041269946475577540432195829235635","40504487971583235310430996958408732873","47092742295154542111358333548692782379","232680074151319339441548200134114675080","309404041269946475577540432195829235635","262351568022786085567949903422534282026","47092742295154542111358333548692782379","90121249441134976827702512807196265913","227943955620678516408729597126693293077","168873420784130651682985356436263605776","207382626587974545315557577389627551323","201313886097799427127474789421013396700"]},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/36421c7d97b00d05fd0be4c7050c3bee59058ad8","deprecated":false,"signature_type":"Line","id":"ASB-A-475228205-63b441da"},{"digest":{"function_hash":"240555449901019055093991664546335654922","length":386},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileContactsAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/36421c7d97b00d05fd0be4c7050c3bee59058ad8","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-d1d5105f"}],"severity":"High","spl":"2026-06-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/36421c7d97b00d05fd0be4c7050c3bee59058ad8"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-475228205.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16:0"},{"fixed":"16:2026-06-01"}]}],"versions":["16"],"ecosystem_specific":{"types":["DoS"],"vanir_signatures":[{"digest":{"function_hash":"285411880379529691995832778404715235780","length":380},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileCallerIdAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/04023137da055ba8a7054d9772b5fdb36cb19ddb","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-47eead7b"},{"digest":{"threshold":0.9,"line_hashes":["52303834117526964974535894149334157557","47092742295154542111358333548692782379","232680074151319339441548200134114675080","309404041269946475577540432195829235635","40504487971583235310430996958408732873","47092742295154542111358333548692782379","232680074151319339441548200134114675080","309404041269946475577540432195829235635","262351568022786085567949903422534282026","47092742295154542111358333548692782379","90121249441134976827702512807196265913","227943955620678516408729597126693293077","168873420784130651682985356436263605776","207382626587974545315557577389627551323","201313886097799427127474789421013396700"]},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/04023137da055ba8a7054d9772b5fdb36cb19ddb","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"deprecated":false,"signature_type":"Line","id":"ASB-A-475228205-4ac5fe40"},{"digest":{"function_hash":"339273458278143368544769738232531133975","length":386},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setCredentialManagerPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/04023137da055ba8a7054d9772b5fdb36cb19ddb","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-6177cec3"},{"digest":{"function_hash":"240555449901019055093991664546335654922","length":386},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileContactsAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/04023137da055ba8a7054d9772b5fdb36cb19ddb","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-af07a818"}],"severity":"High","spl":"2026-06-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/04023137da055ba8a7054d9772b5fdb36cb19ddb"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-475228205.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2:0"},{"fixed":"16-qpr2:2026-06-01"}]}],"versions":["16-qpr2"],"ecosystem_specific":{"types":["DoS"],"vanir_signatures":[{"digest":{"function_hash":"240555449901019055093991664546335654922","length":386},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileContactsAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/bb3184f1df179ce052b37c9ad50e98ae5fed67fa","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-1f9c3c1a"},{"digest":{"threshold":0.9,"line_hashes":["52303834117526964974535894149334157557","47092742295154542111358333548692782379","232680074151319339441548200134114675080","309404041269946475577540432195829235635","40504487971583235310430996958408732873","47092742295154542111358333548692782379","232680074151319339441548200134114675080","309404041269946475577540432195829235635","262351568022786085567949903422534282026","47092742295154542111358333548692782379","90121249441134976827702512807196265913","227943955620678516408729597126693293077","168873420784130651682985356436263605776","207382626587974545315557577389627551323","201313886097799427127474789421013396700"]},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/bb3184f1df179ce052b37c9ad50e98ae5fed67fa","deprecated":false,"signature_type":"Line","id":"ASB-A-475228205-9ab18965"},{"digest":{"function_hash":"285411880379529691995832778404715235780","length":380},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileCallerIdAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/bb3184f1df179ce052b37c9ad50e98ae5fed67fa","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-af3253f2"},{"digest":{"function_hash":"339273458278143368544769738232531133975","length":386},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setCredentialManagerPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/bb3184f1df179ce052b37c9ad50e98ae5fed67fa","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-e969860d"}],"severity":"High","spl":"2026-06-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/bb3184f1df179ce052b37c9ad50e98ae5fed67fa"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-475228205.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2026-06-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["DoS"],"vanir_signatures":[{"digest":{"function_hash":"240555449901019055093991664546335654922","length":386},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileContactsAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f344abfad1799fb6b16de99f43be955994f957ae","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-03c83255"},{"digest":{"threshold":0.9,"line_hashes":["210872116382483639414526789930992814917","28277747602812670171382934067539069453","328987492235139661856229426084791586868","205272411713154587056451093223560802429","52303834117526964974535894149334157557","47092742295154542111358333548692782379","232680074151319339441548200134114675080","309404041269946475577540432195829235635","40504487971583235310430996958408732873","47092742295154542111358333548692782379","232680074151319339441548200134114675080","309404041269946475577540432195829235635","262351568022786085567949903422534282026","47092742295154542111358333548692782379","90121249441134976827702512807196265913","227943955620678516408729597126693293077","168873420784130651682985356436263605776","207382626587974545315557577389627551323","201313886097799427127474789421013396700"]},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f344abfad1799fb6b16de99f43be955994f957ae","deprecated":false,"signature_type":"Line","id":"ASB-A-475228205-4eaf8dd1"},{"digest":{"function_hash":"285411880379529691995832778404715235780","length":380},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setManagedProfileCallerIdAccessPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f344abfad1799fb6b16de99f43be955994f957ae","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-b18be5eb"},{"digest":{"function_hash":"339273458278143368544769738232531133975","length":386},"signature_version":"v1","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"setCredentialManagerPolicy"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f344abfad1799fb6b16de99f43be955994f957ae","deprecated":false,"signature_type":"Function","id":"ASB-A-475228205-eb7bd9bd"}],"severity":"High","spl":"2026-06-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/f344abfad1799fb6b16de99f43be955994f957ae"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-475228205.json"}}],"schema_version":"1.7.5"}