{"id":"ASB-A-433746973", "published":"2026-03-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2026-0025", "A-433746973"], "details":"In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2-next:0"}, {"fixed":"16-qpr2-next:2026-03-01"}]}], "versions":["16-qpr2-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb", "https://android.googlesource.com/platform/frameworks/base/+/4f75b823796641615583fee0b03a37db6139e9e2"], "severity":"High", "spl":"2026-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["208457733616812906224072334317441311486", "177741000024498610159506990581220824865", "246827322931647878402727532051987708110", "366885149601952916460938894739865235", "234143833201926822247770025081733917375", "114943680788978231257779752178005008740", "192576508593764210838752494662788023850", "116813442933041783963474251816540213764", "257152848526048718978114734189840107168", "303275495934743804745592230443152619800", "298379860440521963031288225963188269361", "23429470870889590322777105974998790777", "37632166122149386811223787386280723680", "5252976747246714009360738678155877081", "85395014211052402365053891356592096893", "288384680890765465103422898482727070452", "335490982615414724704982197380408897798", "97917139651027726768513675619098556566", "228799725567654130447136930544436091864", "37845789811354991732956325964285322222", "110177719128765197004277074762828482508", "234656496459289722207609407715090371710"], "threshold":0.9}, "id":"ASB-A-433746973-116e710d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"222862161965606227208221585316443210496", "length":848}, "id":"ASB-A-433746973-5648c433", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb", "target":{"file":"core/java/android/app/Notification.java", "function":"restoreFromExtras"}}, {"deprecated":false, "digest":{"line_hashes":["271970879545183213048976685239564649552", "256309662455536330311331838685129896281", "337576367368607241813693656732624169277", "293270563471319284243892340092297590869", "207884255240402107614090257996188795272", "195704373898344098143959282056482778135", "74089123099812119618810142444649031038", "26309697718932733755802101959838141910"], "threshold":0.9}, "id":"ASB-A-433746973-76bcee79", "match_only_versions":["16-qpr2-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb", "target":{"file":"packages/SystemUI/src/com/android/systemui/people/NotificationHelper.java"}}, {"deprecated":false, "digest":{"function_hash":"252317402073980250186722477669218326045", "length":451}, "id":"ASB-A-433746973-807135e9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4f75b823796641615583fee0b03a37db6139e9e2", "target":{"file":"packages/SystemUI/src/com/android/systemui/people/NotificationHelper.java", "function":"getMessagingStyleMessages"}}, {"deprecated":false, "digest":{"function_hash":"156289883570323766609605117093722529858", "length":3034}, "id":"ASB-A-433746973-80de7cf0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"function_hash":"282702296223219099501557654338978723164", "length":500}, "id":"ASB-A-433746973-85cf7b35", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/71d4afae00c7d6d9238f8ec82303e1e13da50fbb", "target":{"file":"core/java/android/app/Notification.java", "function":"hasImage"}}, {"deprecated":false, "digest":{"line_hashes":["244118638129313130557854724885127005822", "166641002803337483219430292399830492341", "266306969800215601446364302984980401443", "310041130600403422503644795569821551019", "269481190831618501634409597190761555953"], "threshold":0.9}, "id":"ASB-A-433746973-c0d3da3f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4f75b823796641615583fee0b03a37db6139e9e2", "target":{"file":"packages/SystemUI/src/com/android/systemui/people/NotificationHelper.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2026-03-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d"], "severity":"High", "spl":"2026-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"282702296223219099501557654338978723164", "length":500}, "id":"ASB-A-433746973-065d04ab", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d", "target":{"file":"core/java/android/app/Notification.java", "function":"hasImage"}}, {"deprecated":false, "digest":{"function_hash":"14872119413519754712221561025011505500", "length":2658}, "id":"ASB-A-433746973-945b38cd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["208457733616812906224072334317441311486", "177741000024498610159506990581220824865", "246827322931647878402727532051987708110", "366885149601952916460938894739865235", "234143833201926822247770025081733917375", "114943680788978231257779752178005008740", "192576508593764210838752494662788023850", "116813442933041783963474251816540213764", "257152848526048718978114734189840107168", "303275495934743804745592230443152619800", "298379860440521963031288225963188269361", "23429470870889590322777105974998790777", "37632166122149386811223787386280723680", "5252976747246714009360738678155877081", "85395014211052402365053891356592096893", "288384680890765465103422898482727070452", "335490982615414724704982197380408897798", "97917139651027726768513675619098556566", "228799725567654130447136930544436091864", "37845789811354991732956325964285322222", "110177719128765197004277074762828482508", "234656496459289722207609407715090371710"], "threshold":0.9}, "id":"ASB-A-433746973-e5172a75", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"222862161965606227208221585316443210496", "length":848}, "id":"ASB-A-433746973-f5702178", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f64c1e377842d9a8df814bcbad831bd4ce01583d", "target":{"file":"core/java/android/app/Notification.java", "function":"restoreFromExtras"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16:0"}, {"fixed":"16:2026-03-01"}]}], "versions":["16"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78"], "severity":"High", "spl":"2026-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"222862161965606227208221585316443210496", "length":848}, "id":"ASB-A-433746973-2e9febd7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78", "target":{"file":"core/java/android/app/Notification.java", "function":"restoreFromExtras"}}, {"deprecated":false, "digest":{"function_hash":"282702296223219099501557654338978723164", "length":500}, "id":"ASB-A-433746973-4e25bffb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78", "target":{"file":"core/java/android/app/Notification.java", "function":"hasImage"}}, {"deprecated":false, "digest":{"line_hashes":["208457733616812906224072334317441311486", "177741000024498610159506990581220824865", "246827322931647878402727532051987708110", "366885149601952916460938894739865235", "234143833201926822247770025081733917375", "114943680788978231257779752178005008740", "192576508593764210838752494662788023850", "116813442933041783963474251816540213764", "257152848526048718978114734189840107168", "303275495934743804745592230443152619800", "298379860440521963031288225963188269361", "23429470870889590322777105974998790777", "37632166122149386811223787386280723680", "5252976747246714009360738678155877081", "85395014211052402365053891356592096893", "288384680890765465103422898482727070452", "335490982615414724704982197380408897798", "97917139651027726768513675619098556566", "228799725567654130447136930544436091864", "37845789811354991732956325964285322222", "110177719128765197004277074762828482508", "234656496459289722207609407715090371710"], "threshold":0.9}, "id":"ASB-A-433746973-867d6dc5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"308418045487389591573365703911278494154", "length":2951}, "id":"ASB-A-433746973-c1b9e230", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/70fe31848f073029cdb38cd6c5fe47f200dd4c78", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2:0"}, {"fixed":"16-qpr2:2026-03-01"}]}], "versions":["16-qpr2"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5"], "severity":"High", "spl":"2026-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"282702296223219099501557654338978723164", "length":500}, "id":"ASB-A-433746973-0ab29497", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5", "target":{"file":"core/java/android/app/Notification.java", "function":"hasImage"}}, {"deprecated":false, "digest":{"function_hash":"308418045487389591573365703911278494154", "length":2951}, "id":"ASB-A-433746973-68f7f988", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["208457733616812906224072334317441311486", "177741000024498610159506990581220824865", "246827322931647878402727532051987708110", "366885149601952916460938894739865235", "234143833201926822247770025081733917375", "114943680788978231257779752178005008740", "192576508593764210838752494662788023850", "116813442933041783963474251816540213764", "257152848526048718978114734189840107168", "303275495934743804745592230443152619800", "298379860440521963031288225963188269361", "23429470870889590322777105974998790777", "37632166122149386811223787386280723680", "5252976747246714009360738678155877081", "85395014211052402365053891356592096893", "288384680890765465103422898482727070452", "335490982615414724704982197380408897798", "97917139651027726768513675619098556566", "228799725567654130447136930544436091864", "37845789811354991732956325964285322222", "110177719128765197004277074762828482508", "234656496459289722207609407715090371710"], "threshold":0.9}, "id":"ASB-A-433746973-a7c43e9d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"222862161965606227208221585316443210496", "length":848}, "id":"ASB-A-433746973-d8bf2eee", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fb415bfd038da2b276e031618459727bb56240b5", "target":{"file":"core/java/android/app/Notification.java", "function":"restoreFromExtras"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2026-03-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604"], "severity":"High", "spl":"2026-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"282702296223219099501557654338978723164", "length":500}, "id":"ASB-A-433746973-591a4c76", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604", "target":{"file":"core/java/android/app/Notification.java", "function":"hasImage"}}, {"deprecated":false, "digest":{"function_hash":"14872119413519754712221561025011505500", "length":2658}, "id":"ASB-A-433746973-7e03ab73", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["208457733616812906224072334317441311486", "177741000024498610159506990581220824865", "246827322931647878402727532051987708110", "366885149601952916460938894739865235", "234143833201926822247770025081733917375", "114943680788978231257779752178005008740", "192576508593764210838752494662788023850", "116813442933041783963474251816540213764", "257152848526048718978114734189840107168", "303275495934743804745592230443152619800", "298379860440521963031288225963188269361", "23429470870889590322777105974998790777", "37632166122149386811223787386280723680", "5252976747246714009360738678155877081", "85395014211052402365053891356592096893", "288384680890765465103422898482727070452", "335490982615414724704982197380408897798", "97917139651027726768513675619098556566", "228799725567654130447136930544436091864", "37845789811354991732956325964285322222", "110177719128765197004277074762828482508", "234656496459289722207609407715090371710"], "threshold":0.9}, "id":"ASB-A-433746973-8276fd20", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"222862161965606227208221585316443210496", "length":848}, "id":"ASB-A-433746973-dacf161f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2603bda7897a971841bee00beabb1bf4d7451604", "target":{"file":"core/java/android/app/Notification.java", "function":"restoreFromExtras"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2026-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/014dea279c49d532bc4fbbdebbc024133967b6a8"}]}