{"id":"ASB-A-442392902", "published":"2026-03-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2025-48654", "A-442392902"], "details":"In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2-next:0"}, {"fixed":"16-qpr2-next:2026-03-01"}]}], "versions":["16-qpr2-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/975dab1f72d08a4444cb07c8bd7206ae95f2e65c"], "severity":"High", "spl":"2026-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"262238437593147484460386964637528596510", "length":277}, "id":"ASB-A-442392902-537d06de", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/975dab1f72d08a4444cb07c8bd7206ae95f2e65c", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"onStart"}}, {"deprecated":false, "digest":{"line_hashes":["100773564642563799443363088126167028264", "337625126975700278524523411866481193415", "68463754524088633172381643215059855522", "194173072776936318033832449965978497353", "99636806959312342506754886445120011592", "309306652100673762866566535910597669584", "16881537851996141394921705504896483707"], "threshold":0.9}, "id":"ASB-A-442392902-cb8227b6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/975dab1f72d08a4444cb07c8bd7206ae95f2e65c", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16:0"}, {"fixed":"16:2026-03-01"}]}], "versions":["16"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/13714bcfaff6ef1c16d0aa3d359b1c8bc1859ac3"], "severity":"High", "spl":"2026-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["100773564642563799443363088126167028264", "337625126975700278524523411866481193415", "68463754524088633172381643215059855522", "19561236882564109537809807217987058052", "99636806959312342506754886445120011592", "309306652100673762866566535910597669584", "16881537851996141394921705504896483707"], "threshold":0.9}, "id":"ASB-A-442392902-38f3cc73", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/13714bcfaff6ef1c16d0aa3d359b1c8bc1859ac3", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"262238437593147484460386964637528596510", "length":277}, "id":"ASB-A-442392902-52d47ff1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/13714bcfaff6ef1c16d0aa3d359b1c8bc1859ac3", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"onStart"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2:0"}, {"fixed":"16-qpr2:2026-03-01"}]}], "versions":["16-qpr2"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/665bab82f9b4dfe9afe9d9c0010f076ff154f936"], "severity":"High", "spl":"2026-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["100773564642563799443363088126167028264", "337625126975700278524523411866481193415", "68463754524088633172381643215059855522", "19561236882564109537809807217987058052", "99636806959312342506754886445120011592", "309306652100673762866566535910597669584", "16881537851996141394921705504896483707"], "threshold":0.9}, "id":"ASB-A-442392902-c1d38471", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/665bab82f9b4dfe9afe9d9c0010f076ff154f936", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"262238437593147484460386964637528596510", "length":277}, "id":"ASB-A-442392902-c3097227", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/665bab82f9b4dfe9afe9d9c0010f076ff154f936", "target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function":"onStart"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2026-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/924df83d73d9f938fde025c2e793ca12646207e0"}]}