{"id":"ASB-A-364037868", "published":"2025-02-01T00:00:00Z", "modified":"2026-06-11T14:59:52.052110020Z", "aliases":["CVE-2025-0097", "A-364037868"], "details":"In transferTouchGesture of WindowManagerService.java , there is a possible way to steal sensitive user input due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15-next:0"}, {"fixed":"15-next:2025-02-01"}]}], "versions":["15-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912"], "severity":"High", "spl":"2025-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["112163142825728286601376570101662734826", "198441187844705953367518297218540333074", "27331201922488527444348889345726650391", "331293015077808543825935324836865827489", "254620039880769067733808519606851641442", "249953778221520835274907734933176820132", "319969177551915669436124824182656977126", "330455908732409693530174754088748729867", "223257893106326682952811327007970127244", "165295942820653251744689007900262988486", "339867398381699969324056806102280831554", "62627831524365546532846835358761752800", "328988828590961588487264174790097211293", "248873313261974045040769010167705224854", "318989329479115589579834466806717562644", "196663899505510187640273103465328812632", "7110775924930340699819996708845965063", "127177807673808879272973357402922359345"], "threshold":0.9}, "id":"ASB-A-364037868-077cecf4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912", "target":{"file":"services/core/java/com/android/server/wm/EmbeddedWindowController.java"}}, {"deprecated":false, "digest":{"function_hash":"83810895922488579077428771457198824121", "length":243}, "id":"ASB-A-364037868-79092008", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912", "target":{"file":"services/core/java/com/android/server/wm/EmbeddedWindowController.java", "function":"transferToEmbedded"}}, {"deprecated":false, "digest":{"function_hash":"164054265702367327672522119214234173400", "length":247}, "id":"ASB-A-364037868-85489d9f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912", "target":{"file":"services/core/java/com/android/server/wm/EmbeddedWindowController.java", "function":"transferToHost"}}, {"deprecated":false, "digest":{"line_hashes":["181108224164417289212662977271542690331", "216736795130174833053450470557661182606", "215186634025237061605494072778302230103", "225791094088381205436562372308971221840", "22889836881209034311231057490029027386", "182136170710394038548729869525887337764", "332135305770684805640646991324853200199", "3595737875289616547646003412729253565", "137029592712009112373773104562906111147", "224324049306989509769718368863998371337", "235365628243456370451281111157950868873", "43211814438570816332155080524257449205", "27006274758510872070366092813070533912", "73535199168703535995551755658540598115", "45103882340012321970988861038420164399", "7131532624119669257814056485339276521"], "threshold":0.9}, "id":"ASB-A-364037868-92a8d311", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912", "target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"223722273761691818931384484457924667470", "length":568}, "id":"ASB-A-364037868-ac5c1030", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912", "target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java", "function":"transferTouchGesture"}}, {"deprecated":false, "digest":{"function_hash":"192057271889427299029746959248646603949", "length":910}, "id":"ASB-A-364037868-f8ef5a79", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ea329372d8426c6cdbc2d5570c10bef1003d9912", "target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java", "function":"grantInputChannel"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-02-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356"], "severity":"High", "spl":"2025-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["112163142825728286601376570101662734826", "198441187844705953367518297218540333074", "27331201922488527444348889345726650391", "331293015077808543825935324836865827489", "254620039880769067733808519606851641442", "249953778221520835274907734933176820132", "319969177551915669436124824182656977126", "330455908732409693530174754088748729867", "223257893106326682952811327007970127244", "165295942820653251744689007900262988486", "339867398381699969324056806102280831554", "62627831524365546532846835358761752800", "328988828590961588487264174790097211293", "248873313261974045040769010167705224854", "318989329479115589579834466806717562644", "196663899505510187640273103465328812632", "7110775924930340699819996708845965063", "127177807673808879272973357402922359345"], "threshold":0.9}, "id":"ASB-A-364037868-524896c0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356", "target":{"file":"services/core/java/com/android/server/wm/EmbeddedWindowController.java"}}, {"deprecated":false, "digest":{"function_hash":"192057271889427299029746959248646603949", "length":910}, "id":"ASB-A-364037868-aa6ace9d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356", "target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java", "function":"grantInputChannel"}}, {"deprecated":false, "digest":{"function_hash":"83810895922488579077428771457198824121", "length":243}, "id":"ASB-A-364037868-ae35eff7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356", "target":{"file":"services/core/java/com/android/server/wm/EmbeddedWindowController.java", "function":"transferToEmbedded"}}, {"deprecated":false, "digest":{"function_hash":"164054265702367327672522119214234173400", "length":247}, "id":"ASB-A-364037868-c1c0b340", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356", "target":{"file":"services/core/java/com/android/server/wm/EmbeddedWindowController.java", "function":"transferToHost"}}, {"deprecated":false, "digest":{"function_hash":"223722273761691818931384484457924667470", "length":568}, "id":"ASB-A-364037868-c30e2726", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356", "target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java", "function":"transferTouchGesture"}}, {"deprecated":false, "digest":{"line_hashes":["181108224164417289212662977271542690331", "216736795130174833053450470557661182606", "215186634025237061605494072778302230103", "225791094088381205436562372308971221840", "22889836881209034311231057490029027386", "182136170710394038548729869525887337764", "332135305770684805640646991324853200199", "3595737875289616547646003412729253565", "137029592712009112373773104562906111147", "224324049306989509769718368863998371337", "235365628243456370451281111157950868873", "43211814438570816332155080524257449205", "27006274758510872070366092813070533912", "73535199168703535995551755658540598115", "45103882340012321970988861038420164399", "7131532624119669257814056485339276521"], "threshold":0.9}, "id":"ASB-A-364037868-f7c22191", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4089c359361d8703bab3be0ab0a29723db76b356", "target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-02-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/a4a8fca641b0671a8c1d2bb3857dc5fc40d01704"}]}