{"id":"ASB-A-373357090", "published":"2025-04-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2025-22429", "A-373357090"], "details":"In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15-next:0"}, {"fixed":"15-next:2025-04-01"}]}], "versions":["15-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/61ccd0f4b94cea51503b19c184132cc9f4a223c6"], "severity":"Critical", "spl":"2025-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"136530879877751130318259952744648116470", "length":1359}, "id":"ASB-A-373357090-35613724", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/61ccd0f4b94cea51503b19c184132cc9f4a223c6", "target":{"file":"core/java/android/os/BaseBundle.java", "function":"initializeFromParcelLocked"}}, {"deprecated":false, "digest":{"function_hash":"175006809858418995587463278397162813946", "length":444}, "id":"ASB-A-373357090-363f0488", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/61ccd0f4b94cea51503b19c184132cc9f4a223c6", "target":{"file":"core/java/android/os/Parcel.java", "function":"readArrayMap"}}, {"deprecated":false, "digest":{"function_hash":"246363379786650779692200600718878853575", "length":135}, "id":"ASB-A-373357090-725857e9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/61ccd0f4b94cea51503b19c184132cc9f4a223c6", "target":{"file":"core/java/android/os/Parcel.java", "function":"readArrayMapInternal"}}, {"deprecated":false, "digest":{"line_hashes":["292493426694400112268094663837546070578", "142788385137543585053329060727370962331", "47380988227463887486376936525729211985", "88373459115201565289473392160261172258", "298961406766824630979370896762564546595", "335935370747998955311880487227765407996", "17094393619004827663866655532590696203", "271070118056297400698986272111618271066", "104237920373254397783245066473480475663", "257984906869037510801403323727784287976", "95670919533139372412004033627621422827", "138993687228642695183604767089030556070", "274810365942448950113189147576514443131", "294037654489050836943779649134249319476", "271883427317472068268860301104257080680", "76655871820206956544918356623936404420", "222888082678928068983664562525317763191", "109131895407696501634579933078979311775"], "threshold":0.9}, "id":"ASB-A-373357090-a46dc6a8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/61ccd0f4b94cea51503b19c184132cc9f4a223c6", "target":{"file":"core/java/android/os/Parcel.java"}}, {"deprecated":false, "digest":{"line_hashes":["309149949622612476921339300954049381351", "214852754724718633017647199676284484302", "303117893235665048933559442817047171578", "227214276018510627302818078716491753227", "65197108938244036352697899093463123385", "125612912694985825295294190177356542707", "82246987458743052480057486232244385599", "131464832730268191926044683754602941763", "183152250232147782330806984061114927887", "86159409970118557548095012892336342107", "296368364614721402196069076304886151304", "214350779031284022919206397139237238953", "241800509276548534130450662686416464352", "9942776685939643307299416581591909248", "111813787976873198161133351907871541622", "219394818898485551181615386359836086620", "296076944714942943927242457624369436561"], "threshold":0.9}, "id":"ASB-A-373357090-c27cab6a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/61ccd0f4b94cea51503b19c184132cc9f4a223c6", "target":{"file":"core/java/android/os/BaseBundle.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-04-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/86cfb77a4664110c44ea147e8457a65e69e6d5d9"], "severity":"Critical", "spl":"2025-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"246363379786650779692200600718878853575", "length":135}, "id":"ASB-A-373357090-4603f324", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/86cfb77a4664110c44ea147e8457a65e69e6d5d9", "target":{"file":"core/java/android/os/Parcel.java", "function":"readArrayMapInternal"}}, {"deprecated":false, "digest":{"line_hashes":["70007563725772021220914176732353923900", "155702790994175057480563201915801328101", "81184413139032326092724294098842520581", "271774700640411330658202797594630856788", "45652014861361221443494136689794051277", "122111078550657104219742081406224377415", "221616233908831737886658118850594791004", "250222597214040778626381784472342691086", "336398160658923812412689307473329780903", "328244821306294851041813142689477453744", "153407401575647424025048398316261100236", "274810365942448950113189147576514443131", "294037654489050836943779649134249319476", "271883427317472068268860301104257080680", "76655871820206956544918356623936404420", "222888082678928068983664562525317763191", "109131895407696501634579933078979311775"], "threshold":0.9}, "id":"ASB-A-373357090-69c46eba", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/86cfb77a4664110c44ea147e8457a65e69e6d5d9", "target":{"file":"core/java/android/os/Parcel.java"}}, {"deprecated":false, "digest":{"line_hashes":["309149949622612476921339300954049381351", "214852754724718633017647199676284484302", "303117893235665048933559442817047171578", "182707855084936461456160118042393059288", "245388164030757397644012369514618744812", "329864917222197713613486918522368166011", "15734881863849708197395878847195958101", "131464832730268191926044683754602941763", "183152250232147782330806984061114927887", "86159409970118557548095012892336342107", "296368364614721402196069076304886151304", "214350779031284022919206397139237238953", "241800509276548534130450662686416464352", "9942776685939643307299416581591909248", "111813787976873198161133351907871541622", "219394818898485551181615386359836086620", "296076944714942943927242457624369436561"], "threshold":0.9}, "id":"ASB-A-373357090-722476f7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/86cfb77a4664110c44ea147e8457a65e69e6d5d9", "target":{"file":"core/java/android/os/BaseBundle.java"}}, {"deprecated":false, "digest":{"function_hash":"246130844828558004846591843701513685920", "length":1367}, "id":"ASB-A-373357090-a040329f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/86cfb77a4664110c44ea147e8457a65e69e6d5d9", "target":{"file":"core/java/android/os/BaseBundle.java", "function":"initializeFromParcelLocked"}}, {"deprecated":false, "digest":{"function_hash":"287373806987068616404821333960526490369", "length":431}, "id":"ASB-A-373357090-c76c6217", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/86cfb77a4664110c44ea147e8457a65e69e6d5d9", "target":{"file":"core/java/android/os/Parcel.java", "function":"readArrayMap"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2025-04-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3adcf170c3ec509ac7af2438a00918348c4b5e73"], "severity":"Critical", "spl":"2025-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"73853341556763442392053615797527141125", "length":1326}, "id":"ASB-A-373357090-1c938ac6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3adcf170c3ec509ac7af2438a00918348c4b5e73", "target":{"file":"core/java/android/os/BaseBundle.java", "function":"initializeFromParcelLocked"}}, {"deprecated":false, "digest":{"function_hash":"3639625009863256428634106976644600395", "length":439}, "id":"ASB-A-373357090-24ff9717", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3adcf170c3ec509ac7af2438a00918348c4b5e73", "target":{"file":"core/java/android/os/Parcel.java", "function":"readArrayMap"}}, {"deprecated":false, "digest":{"line_hashes":["70007563725772021220914176732353923900", "155702790994175057480563201915801328101", "140245535160111118058979277684683812709", "210630648330962890454996723531865877619", "96777337053392504666338076000306490274", "259639854293418599742814219684491161830", "272150291001201434112347607894184035479", "301411821508100219895397655666120728155", "336398160658923812412689307473329780903", "334126790301298283885688349405987555768", "284656385637747109171270690348330974938", "248511737252242164836029626417360755727", "285053795053065810956102621386456501055", "123812536056131176815906645123647437430", "173956162966753083069926699107138114108", "130920173498425088889976804992458144581", "178944722696787544011247437461854136170"], "threshold":0.9}, "id":"ASB-A-373357090-839ee786", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3adcf170c3ec509ac7af2438a00918348c4b5e73", "target":{"file":"core/java/android/os/Parcel.java"}}, {"deprecated":false, "digest":{"line_hashes":["95842880749613501685685685641427183707", "205790670589368183264439125641744582550", "82884370948115524344035054150705602570", "116127683009717118913713228721261768843", "124532753789153850048361660499139615205", "151280323933702013278852818807984920431", "73340893721146714439736108393113952999", "313864028103450441026135936157995871783", "24327068165864950661861314814828764555", "151266608617505827726057844653624140908", "123824030931245359800201609763599702866"], "threshold":0.9}, "id":"ASB-A-373357090-87eae867", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3adcf170c3ec509ac7af2438a00918348c4b5e73", "target":{"file":"core/java/android/os/BaseBundle.java"}}, {"deprecated":false, "digest":{"function_hash":"246363379786650779692200600718878853575", "length":135}, "id":"ASB-A-373357090-cb1b0c37", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3adcf170c3ec509ac7af2438a00918348c4b5e73", "target":{"file":"core/java/android/os/Parcel.java", "function":"readArrayMapInternal"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2025-04-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/6e34cc09669b6915caaff67c86e05028078f780d"], "severity":"Critical", "spl":"2025-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["70007563725772021220914176732353923900", "155702790994175057480563201915801328101", "81184413139032326092724294098842520581", "271774700640411330658202797594630856788", "45652014861361221443494136689794051277", "122111078550657104219742081406224377415", "221616233908831737886658118850594791004", "250222597214040778626381784472342691086", "336398160658923812412689307473329780903", "328244821306294851041813142689477453744", "153407401575647424025048398316261100236", "274810365942448950113189147576514443131", "294037654489050836943779649134249319476", "271883427317472068268860301104257080680", "76655871820206956544918356623936404420", "222888082678928068983664562525317763191", "109131895407696501634579933078979311775"], "threshold":0.9}, "id":"ASB-A-373357090-148307c2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6e34cc09669b6915caaff67c86e05028078f780d", "target":{"file":"core/java/android/os/Parcel.java"}}, {"deprecated":false, "digest":{"line_hashes":["309149949622612476921339300954049381351", "214852754724718633017647199676284484302", "303117893235665048933559442817047171578", "182707855084936461456160118042393059288", "245388164030757397644012369514618744812", "329864917222197713613486918522368166011", "15734881863849708197395878847195958101", "131464832730268191926044683754602941763", "183152250232147782330806984061114927887", "86159409970118557548095012892336342107", "296368364614721402196069076304886151304", "214350779031284022919206397139237238953", "241800509276548534130450662686416464352", "9942776685939643307299416581591909248", "111813787976873198161133351907871541622", "219394818898485551181615386359836086620", "296076944714942943927242457624369436561"], "threshold":0.9}, "id":"ASB-A-373357090-156d7a60", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6e34cc09669b6915caaff67c86e05028078f780d", "target":{"file":"core/java/android/os/BaseBundle.java"}}, {"deprecated":false, "digest":{"function_hash":"287373806987068616404821333960526490369", "length":431}, "id":"ASB-A-373357090-15722a4d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6e34cc09669b6915caaff67c86e05028078f780d", "target":{"file":"core/java/android/os/Parcel.java", "function":"readArrayMap"}}, {"deprecated":false, "digest":{"function_hash":"246130844828558004846591843701513685920", "length":1367}, "id":"ASB-A-373357090-6f978426", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6e34cc09669b6915caaff67c86e05028078f780d", "target":{"file":"core/java/android/os/BaseBundle.java", "function":"initializeFromParcelLocked"}}, {"deprecated":false, "digest":{"function_hash":"246363379786650779692200600718878853575", "length":135}, "id":"ASB-A-373357090-c7ffcc31", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6e34cc09669b6915caaff67c86e05028078f780d", "target":{"file":"core/java/android/os/Parcel.java", "function":"readArrayMapInternal"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/ece83fb425b1e912a036e9985b710910e2e3ca37"}]}