{"id":"ASB-A-372670004", "published":"2025-02-01T00:00:00Z", "modified":"2026-06-09T15:27:06.151355248Z", "aliases":["CVE-2025-0100", "A-372670004"], "details":"In onCreate of MediaProjectionPermissionActivity.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15-next:0"}, {"fixed":"15-next:2025-02-01"}]}], "versions":["15-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/829da8849df35c00c110ebebdd54c1692d96f840", "https://android.googlesource.com/platform/frameworks/base/+/3b422f0543874c8e1fc27af096e183a7dd4bb8dc"], "severity":"High", "spl":"2025-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["211440687465589333353738226611326752796", "294406786732027301803762361906659152831", "308626760993817177202355212675255821499", "257258298963476721124227778592357590006", "202999807571221661115636313480508918549", "331897867216876135552161542089661547085", "7614513962373028293770721772858636376", "4665616441233568618996953335731698795", "50567338492023298277642833741789957177", "141121113742892357917230411891023143489", "33801428352690266924991012706252926108", "300254484658734550213901078801571706212", "273035201818767326443006637626294829451", "63064379309138929202500601384178086375", "60771895395880012561334710975828381099"], "threshold":0.9}, "id":"ASB-A-372670004-04b2f7b9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3b422f0543874c8e1fc27af096e183a7dd4bb8dc", "target":{"file":"packages/SystemUI/src/com/android/systemui/mediaprojection/permission/MediaProjectionPermissionActivity.java"}}, {"deprecated":false, "digest":{"line_hashes":["222822726012887065884687910318122427033", "323127694650056354896262135068343471729", "155295213818885997044275356994651450666", "328472048480177642839025008094629329521"], "threshold":0.9}, "id":"ASB-A-372670004-2ca742fd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/829da8849df35c00c110ebebdd54c1692d96f840", "target":{"file":"packages/SystemUI/src/com/android/systemui/mediaprojection/permission/MediaProjectionPermissionActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"70568456605256809670920343586613113082", "length":2415}, "id":"ASB-A-372670004-b5da5693", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3b422f0543874c8e1fc27af096e183a7dd4bb8dc", "target":{"file":"packages/SystemUI/src/com/android/systemui/mediaprojection/permission/MediaProjectionPermissionActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"function_hash":"218326789113518440081293636740325518628", "length":2311}, "id":"ASB-A-372670004-e9b231aa", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/829da8849df35c00c110ebebdd54c1692d96f840", "target":{"file":"packages/SystemUI/src/com/android/systemui/mediaprojection/permission/MediaProjectionPermissionActivity.java", "function":"onCreate"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2025-02-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/49e2bbad9d92315dc2a93df4bbc0beb9eb88c43b"], "severity":"High", "spl":"2025-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["60841220076092398129741407592669007421", "292690745393850643680374271613924049702", "40534698575785906515730788821214551225", "185639159614276123023070657881628876201", "140776985339179062362864377066835793451", "81227718884512511873093984521176638074", "240871743131763968123055804877800187232"], "threshold":0.9}, "id":"ASB-A-372670004-2541f87b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/49e2bbad9d92315dc2a93df4bbc0beb9eb88c43b", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"210308507565983251214045092259756303606", "length":2845}, "id":"ASB-A-372670004-776d70bc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/49e2bbad9d92315dc2a93df4bbc0beb9eb88c43b", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java", "function":"onCreate"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2025-02-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4622b15f1db1b94b0dfe0a32d68d06c449af38ce"], "severity":"High", "spl":"2025-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"184907692771189360413547247900996316904", "length":2848}, "id":"ASB-A-372670004-155e0697", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4622b15f1db1b94b0dfe0a32d68d06c449af38ce", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["60841220076092398129741407592669007421", "292690745393850643680374271613924049702", "40534698575785906515730788821214551225", "185639159614276123023070657881628876201", "140776985339179062362864377066835793451", "81227718884512511873093984521176638074", "240871743131763968123055804877800187232"], "threshold":0.9}, "id":"ASB-A-372670004-9432a90b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4622b15f1db1b94b0dfe0a32d68d06c449af38ce", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-02-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a5eebf827a826c3379b97619b9ee6bfd891904f8"], "severity":"High", "spl":"2025-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"232692706954407649177817419140259790692", "length":4244}, "id":"ASB-A-372670004-63c28ab3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a5eebf827a826c3379b97619b9ee6bfd891904f8", "target":{"file":"packages/SystemUI/src/com/android/systemui/mediaprojection/permission/MediaProjectionPermissionActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["222822726012887065884687910318122427033", "323127694650056354896262135068343471729", "155295213818885997044275356994651450666", "328472048480177642839025008094629329521", "262156480014336255098831754943210437891"], "threshold":0.9}, "id":"ASB-A-372670004-d947d332", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a5eebf827a826c3379b97619b9ee6bfd891904f8", "target":{"file":"packages/SystemUI/src/com/android/systemui/mediaprojection/permission/MediaProjectionPermissionActivity.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2025-02-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4ebc9c8d2b1c952c9d36c160e3dc6c4b094aadb5"], "severity":"High", "spl":"2025-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"1077092066260197144161259701623599790", "length":2810}, "id":"ASB-A-372670004-80fc28c4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4ebc9c8d2b1c952c9d36c160e3dc6c4b094aadb5", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["60841220076092398129741407592669007421", "292690745393850643680374271613924049702", "40534698575785906515730788821214551225", "185639159614276123023070657881628876201", "140776985339179062362864377066835793451", "81227718884512511873093984521176638074", "240871743131763968123055804877800187232"], "threshold":0.9}, "id":"ASB-A-372670004-a6a5e62e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4ebc9c8d2b1c952c9d36c160e3dc6c4b094aadb5", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2025-02-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/85987ea1dfd92e4da11e26ee11db876e16a364d1"], "severity":"High", "spl":"2025-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"132441821008774629484192039812952222959", "length":3510}, "id":"ASB-A-372670004-1c4dcd97", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/85987ea1dfd92e4da11e26ee11db876e16a364d1", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["222822726012887065884687910318122427033", "323127694650056354896262135068343471729", "155295213818885997044275356994651450666", "328472048480177642839025008094629329521", "262156480014336255098831754943210437891"], "threshold":0.9}, "id":"ASB-A-372670004-b118d474", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/85987ea1dfd92e4da11e26ee11db876e16a364d1", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-02-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/0e462ffab7727e282af15945aeecdb9b1709e4e9"}]}