{"id":"ASB-A-427206637", "published":"2025-12-01T00:00:00Z", "modified":"2026-04-03T15:37:31.002635057Z", "aliases":["CVE-2025-48594", "A-427206637"], "details":"In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2-next:0"}, {"fixed":"16-qpr2-next:2025-12-01"}]}], "versions":["16-qpr2-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/69baf67afba5fae48ef6f42e5992dfab1fc7eb41"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"306235220049361442763866834730307360753", "length":562}, "id":"ASB-A-427206637-63c5bf30", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/69baf67afba5fae48ef6f42e5992dfab1fc7eb41", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java", "function":"DisassociationProcessor"}}, {"deprecated":false, "digest":{"line_hashes":["281874490177312240519823729995279595255", "336422262116570940965302276666271992073", "152987804126297213632007953015756770793", "900460132994484871143206169214672768", "295900567739669827141609041679651153417", "17858190896436977160783581958648170706", "289141942368134470275835757175997236983", "183591313061829470571358821269624125482", "296461132857050775513415903868645086250", "55876948739860922906961234465690407005", "268839658239330683300583130105139948143", "78679649780624026710572694548968956542", "100963698831982946850636221095012176559", "178736118144794565967805850641235219037", "12119720721443488657888573779541422073", "61213372158523721349442871688769486887", "200067696639067216286633604541937684904", "118094738247380640521411378209770298720", "238416160406399331743794316174095301730", "4447673686929424407966694870797471753", "310961716639004085620806337535202332795", "167753429901858045856690845393467382168", "322569379880868258134088291095467345051"], "threshold":0.9}, "id":"ASB-A-427206637-c7c33632", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/69baf67afba5fae48ef6f42e5992dfab1fc7eb41", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"}}, {"deprecated":false, "digest":{"function_hash":"119636507221916344533198422203838461594", "length":450}, "id":"ASB-A-427206637-fe6e898e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/69baf67afba5fae48ef6f42e5992dfab1fc7eb41", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java", "function":"onUidImportance"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-12-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/90756fe1878be807c0cc0f6e7d9ad263cce0d4f0"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["194407252432011980615410794665000479921", "181706948423201038949800844103099513725", "152987804126297213632007953015756770793", "900460132994484871143206169214672768", "295900567739669827141609041679651153417", "17858190896436977160783581958648170706", "289141942368134470275835757175997236983", "183591313061829470571358821269624125482", "296461132857050775513415903868645086250", "55876948739860922906961234465690407005", "122871192071459603143293108294724120468", "9206985791235077847704506950061438514", "126285850625806013088781323971727928998", "178736118144794565967805850641235219037", "12119720721443488657888573779541422073", "61213372158523721349442871688769486887", "200067696639067216286633604541937684904", "118094738247380640521411378209770298720", "238416160406399331743794316174095301730", "333421850611826967987825142472079619031", "698821384916654366304422741692771527", "263236051533883028084344966376056148658", "149994166698843150873583445365667347945"], "threshold":0.9}, "id":"ASB-A-427206637-d922c9d6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/90756fe1878be807c0cc0f6e7d9ad263cce0d4f0", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"}}, {"deprecated":false, "digest":{"function_hash":"199473710430211135731756668506887018538", "length":472}, "id":"ASB-A-427206637-da224555", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/90756fe1878be807c0cc0f6e7d9ad263cce0d4f0", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java", "function":"onUidImportance"}}, {"deprecated":false, "digest":{"function_hash":"306235220049361442763866834730307360753", "length":562}, "id":"ASB-A-427206637-f1232a87", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/90756fe1878be807c0cc0f6e7d9ad263cce0d4f0", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java", "function":"DisassociationProcessor"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16:0"}, {"fixed":"16:2025-12-01"}]}], "versions":["16"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5d85254e025ceba2c89ab03427bd1e2f8b68cc45"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"119636507221916344533198422203838461594", "length":450}, "id":"ASB-A-427206637-06ea6ddc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5d85254e025ceba2c89ab03427bd1e2f8b68cc45", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java", "function":"onUidImportance"}}, {"deprecated":false, "digest":{"line_hashes":["194407252432011980615410794665000479921", "181706948423201038949800844103099513725", "152987804126297213632007953015756770793", "900460132994484871143206169214672768", "295900567739669827141609041679651153417", "17858190896436977160783581958648170706", "289141942368134470275835757175997236983", "183591313061829470571358821269624125482", "296461132857050775513415903868645086250", "55876948739860922906961234465690407005", "268839658239330683300583130105139948143", "78679649780624026710572694548968956542", "100963698831982946850636221095012176559", "178736118144794565967805850641235219037", "12119720721443488657888573779541422073", "61213372158523721349442871688769486887", "200067696639067216286633604541937684904", "118094738247380640521411378209770298720", "238416160406399331743794316174095301730", "4447673686929424407966694870797471753", "310961716639004085620806337535202332795", "167753429901858045856690845393467382168", "322569379880868258134088291095467345051"], "threshold":0.9}, "id":"ASB-A-427206637-e88267b5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5d85254e025ceba2c89ab03427bd1e2f8b68cc45", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java"}}, {"deprecated":false, "digest":{"function_hash":"306235220049361442763866834730307360753", "length":562}, "id":"ASB-A-427206637-f71b5366", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5d85254e025ceba2c89ab03427bd1e2f8b68cc45", "target":{"file":"services/companion/java/com/android/server/companion/association/DisassociationProcessor.java", "function":"DisassociationProcessor"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2025-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d508d024261cd746f189ce51472b9df4af7f53f0"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"72299295015094316309416543401159986616", "length":527}, "id":"ASB-A-427206637-012742c4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d508d024261cd746f189ce51472b9df4af7f53f0", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"onUidImportance"}}, {"deprecated":false, "digest":{"function_hash":"202162200958170292469142224371157195393", "length":726}, "id":"ASB-A-427206637-35918929", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d508d024261cd746f189ce51472b9df4af7f53f0", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"CompanionDeviceManagerService"}}, {"deprecated":false, "digest":{"line_hashes":["43460930496671996457242955919966882949", "322696364151095460627845930943184926026", "24901215148654845815625619171569808522", "204492804076074712624147504353710493265", "121327029803329998838724841509645250818", "17544327125814070885832006516692954321", "45752289063922161400513535575125651866", "240123326566786973848266722384464629634", "215174910791780241836412797926831331454", "289568127228921354895740450764838314954", "312685666919126306847854473611324711911", "239792416476300270839793351085108686731", "244331801646106553510693905526560863631", "31052009500075734041877029994961998238", "81939064661954587564176904771549399673", "331232681124377162690832855640670147041", "98860449454069059746714285281935036845", "201445487092169480580440174363878675466", "125517822916051674776273450539841626100", "242837889376537584886448049800601665322", "68419213998497834263558417488119642872", "6972273287019048467622653550387545717", "12375694401191497956445477182788378446", "77134692694715250248342756223831879293"], "threshold":0.9}, "id":"ASB-A-427206637-efe2cc3d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d508d024261cd746f189ce51472b9df4af7f53f0", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/ea2bcc66534263fac4c337f1a5149704c2262169"}]}