{"id":"ASB-A-351830787", "published":"2026-06-01T00:00:00Z", "modified":"2026-06-18T15:04:46.258745422Z", "aliases":["CVE-2025-26418", "A-351830787"], "details":"In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/services/Car", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"17-next:0"}, {"fixed":"17-next:2026-06-01"}]}], "versions":["17-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/services/Car/+/1111e31c89e9ed293f1c6947d29819ec85ab1079"], "severity":"High", "spl":"2026-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["44767551250258431031953702734849958369", "34130837925024244807862389383809247798", "180249908577208746982286680634614732620", "18667617509951792667757384290115491433", "159776508980834853746518633739865254468", "267988298681156892568840090451634773194"], "threshold":0.9}, "id":"ASB-A-351830787-3d541c4b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/1111e31c89e9ed293f1c6947d29819ec85ab1079", "target":{"file":"service/src/com/android/car/admin/CarDevicePolicyService.java"}}, {"deprecated":false, "digest":{"function_hash":"308408089892732137531149246928219734430", "length":321}, "id":"ASB-A-351830787-4a4aacec", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/1111e31c89e9ed293f1c6947d29819ec85ab1079", "target":{"file":"service/src/com/android/car/admin/CarDevicePolicyService.java", "function":"setUserDisclaimerAcknowledged"}}, {"deprecated":false, "digest":{"line_hashes":["215098601854161687189435224539068469883", "190999509749522505711905941354774094166", "16176578470122675511107209725921522241"], "threshold":0.9}, "id":"ASB-A-351830787-f64aa601", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/1111e31c89e9ed293f1c6947d29819ec85ab1079", "target":{"file":"car-lib/src/android/car/admin/CarDevicePolicyManager.java"}}]}}, {"package":{"name":"platform/packages/services/Car", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2026-06-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/services/Car/+/6b03abf9c9dbbc35dfd2e64df31f7d19e77445d8"], "severity":"High", "spl":"2026-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"308408089892732137531149246928219734430", "length":321}, "id":"ASB-A-351830787-597275c2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/6b03abf9c9dbbc35dfd2e64df31f7d19e77445d8", "target":{"file":"service/src/com/android/car/admin/CarDevicePolicyService.java", "function":"setUserDisclaimerAcknowledged"}}, {"deprecated":false, "digest":{"line_hashes":["44767551250258431031953702734849958369", "34130837925024244807862389383809247798", "180249908577208746982286680634614732620", "18667617509951792667757384290115491433", "159776508980834853746518633739865254468", "267988298681156892568840090451634773194"], "threshold":0.9}, "id":"ASB-A-351830787-90adb68d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/6b03abf9c9dbbc35dfd2e64df31f7d19e77445d8", "target":{"file":"service/src/com/android/car/admin/CarDevicePolicyService.java"}}, {"deprecated":false, "digest":{"line_hashes":["215098601854161687189435224539068469883", "190999509749522505711905941354774094166", "16176578470122675511107209725921522241"], "threshold":0.9}, "id":"ASB-A-351830787-ca50f5cf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/6b03abf9c9dbbc35dfd2e64df31f7d19e77445d8", "target":{"file":"car-lib/src/android/car/admin/CarDevicePolicyManager.java"}}]}}, {"package":{"name":"platform/packages/services/Car", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2026-06-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/services/Car/+/dd8e3f0ca750fd170e4afce0cbf2a9323c43dfe5"], "severity":"High", "spl":"2026-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["44767551250258431031953702734849958369", "34130837925024244807862389383809247798", "180249908577208746982286680634614732620", "18667617509951792667757384290115491433", "159776508980834853746518633739865254468", "267988298681156892568840090451634773194"], "threshold":0.9}, "id":"ASB-A-351830787-5aad9a21", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/dd8e3f0ca750fd170e4afce0cbf2a9323c43dfe5", "target":{"file":"service/src/com/android/car/admin/CarDevicePolicyService.java"}}, {"deprecated":false, "digest":{"line_hashes":["131657575367300493001464047003608493032", "315708547886175091876824329512086417344", "172507282698332647779934886591643831999"], "threshold":0.9}, "id":"ASB-A-351830787-b7230511", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/dd8e3f0ca750fd170e4afce0cbf2a9323c43dfe5", "target":{"file":"car-lib/src/android/car/admin/CarDevicePolicyManager.java"}}, {"deprecated":false, "digest":{"function_hash":"308408089892732137531149246928219734430", "length":321}, "id":"ASB-A-351830787-e6706f83", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/services/Car/+/dd8e3f0ca750fd170e4afce0cbf2a9323c43dfe5", "target":{"file":"service/src/com/android/car/admin/CarDevicePolicyService.java", "function":"setUserDisclaimerAcknowledged"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2026-06-01"}]}