{"id":"ASB-A-370962373", "published":"2025-02-01T00:00:00Z", "modified":"2026-06-12T15:08:17.296522730Z", "aliases":["CVE-2025-0099", "A-370962373"], "details":"In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15-next:0"}, {"fixed":"15-next:2025-02-01"}]}], "versions":["15-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/692cddfb32abae6c77b00c4850fd36b7eaaf8c70"], "severity":"High", "spl":"2025-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"4240526573347741701383026480308334057", "length":88}, "id":"ASB-A-370962373-4d8f6a46", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/692cddfb32abae6c77b00c4850fd36b7eaaf8c70", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"getBackupPayload"}}, {"deprecated":false, "digest":{"function_hash":"80749470785317375633430002806464151928", "length":103}, "id":"ASB-A-370962373-8d778d54", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/692cddfb32abae6c77b00c4850fd36b7eaaf8c70", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"applyRestoredPayload"}}, {"deprecated":false, "digest":{"line_hashes":["335960718412907313367981356592162676942", "263110392768386747985260879713506925328", "332552674595931601156312424344457584492", "236120831168666863532369763580178696761", "265220646878657219400273228719965943057", "330360416465372736820418429089610892518", "316352562444567643242223542801087355968", "191425971114102596495062438571726966520"], "threshold":0.9}, "id":"ASB-A-370962373-c33fc108", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/692cddfb32abae6c77b00c4850fd36b7eaaf8c70", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-02-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/191638ababfc5b03d63264b8932c5903f18543ba"], "severity":"High", "spl":"2025-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["335960718412907313367981356592162676942", "263110392768386747985260879713506925328", "332552674595931601156312424344457584492", "236120831168666863532369763580178696761", "265220646878657219400273228719965943057", "330360416465372736820418429089610892518", "316352562444567643242223542801087355968", "191425971114102596495062438571726966520"], "threshold":0.9}, "id":"ASB-A-370962373-0485d22c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/191638ababfc5b03d63264b8932c5903f18543ba", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"4240526573347741701383026480308334057", "length":88}, "id":"ASB-A-370962373-acd7e42f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/191638ababfc5b03d63264b8932c5903f18543ba", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"getBackupPayload"}}, {"deprecated":false, "digest":{"function_hash":"80749470785317375633430002806464151928", "length":103}, "id":"ASB-A-370962373-cc532a2c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/191638ababfc5b03d63264b8932c5903f18543ba", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"applyRestoredPayload"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-02-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/7946586c33503bc383403faec48ffcea39e365ac"}]}