{"id":"ASB-A-443742829", "published":"2025-12-01T00:00:00Z", "modified":"2026-04-03T15:37:31.002635057Z", "aliases":["CVE-2025-48632", "A-443742829"], "details":"In setDisplayName of AssociationRequest.java, improper input validation makes it possible for Companion Device Manager (CDM) associations to persist after the user has disassociated them. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2-next:0"}, {"fixed":"16-qpr2-next:2025-12-01"}]}], "versions":["16-qpr2-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/92dc1af578462212ac04a063bdc407100305436e"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"28004645345344355699729640648605172658", "length":284}, "id":"ASB-A-443742829-0cd06887", "match_only_versions":["16-qpr2-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/92dc1af578462212ac04a063bdc407100305436e", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"setDisplayName"}}, {"deprecated":false, "digest":{"function_hash":"214945054854633472258654250911506280402", "length":486}, "id":"ASB-A-443742829-3dddb27e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/92dc1af578462212ac04a063bdc407100305436e", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"AssociationRequest"}}, {"deprecated":false, "digest":{"function_hash":"259370121685768045263040026203907129638", "length":57}, "id":"ASB-A-443742829-4189a1d7", "match_only_versions":["16-qpr2-next"], "signature_type":"Function", 
"signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/92dc1af578462212ac04a063bdc407100305436e", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"setDisplayName"}}, {"deprecated":false, "digest":{"line_hashes":["127032158101215071857948778004421295027", "261906205169306437236945321627698965301", "292568038487483929121246109272029576413", "210090398096600233208955557406483090043", "182774005629593579391363224269926583565", "240382801211918711678877591688519401327", "106833879100579711315299667745247358533", "20362024773217709447411941482548506351", "162857856128072224597535848492271027745", "443969255866971973160024504367666505", "144134265046655980911436810712702752023", "147870169047473277227489460219500934729", "185407438599804180876075699635479756562", "315552418116178038487450156398866878893", "93599973764947734099641009692792086373", "310118061060155593195113019069566432176", "210595325358920498410262488170660927742"], "threshold":0.9}, "id":"ASB-A-443742829-c041cb9a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/92dc1af578462212ac04a063bdc407100305436e", "target":{"file":"core/java/android/companion/AssociationRequest.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-12-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c27094d481e10d30585f5bbba95fd5188e1847f0"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"25507047400613990863916323832332658705", "length":348}, "id":"ASB-A-443742829-4451b2e4", "signature_type":"Function", "signature_version":"v1", 
"source":"https://android.googlesource.com/platform/frameworks/base/+/c27094d481e10d30585f5bbba95fd5188e1847f0", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"AssociationRequest"}}, {"deprecated":false, "digest":{"line_hashes":["226687171322059760035163430715224975588", "101735109259856570215759161802626317633", "44159805822028748717551128500138612254", "340009000210209828359847840402022960775", "182774005629593579391363224269926583565", "240382801211918711678877591688519401327", "106833879100579711315299667745247358533", "20362024773217709447411941482548506351", "162857856128072224597535848492271027745", "443969255866971973160024504367666505", "144134265046655980911436810712702752023", "147870169047473277227489460219500934729", "185407438599804180876075699635479756562", "315552418116178038487450156398866878893", "93599973764947734099641009692792086373", "310118061060155593195113019069566432176", "210595325358920498410262488170660927742"], "threshold":0.9}, "id":"ASB-A-443742829-7a788fc8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c27094d481e10d30585f5bbba95fd5188e1847f0", "target":{"file":"core/java/android/companion/AssociationRequest.java"}}, {"deprecated":false, "digest":{"function_hash":"259370121685768045263040026203907129638", "length":57}, "id":"ASB-A-443742829-ea7cd91e", "match_only_versions":["15"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c27094d481e10d30585f5bbba95fd5188e1847f0", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"setDisplayName"}}, {"deprecated":false, "digest":{"function_hash":"28004645345344355699729640648605172658", "length":284}, "id":"ASB-A-443742829-f8685e6a", "match_only_versions":["15"], "signature_type":"Function", "signature_version":"v1", 
"source":"https://android.googlesource.com/platform/frameworks/base/+/c27094d481e10d30585f5bbba95fd5188e1847f0", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"setDisplayName"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16:0"}, {"fixed":"16:2025-12-01"}]}], "versions":["16"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/110f3e5843d87e4a994eb07160064ca3552355dd"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"8001921324092845741738512579158245676", "length":434}, "id":"ASB-A-443742829-11e12a76", "match_only_versions":["16"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/110f3e5843d87e4a994eb07160064ca3552355dd", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"AssociationRequest"}}, {"deprecated":false, "digest":{"function_hash":"259370121685768045263040026203907129638", "length":57}, "id":"ASB-A-443742829-5dc34c9a", "match_only_versions":["16"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/110f3e5843d87e4a994eb07160064ca3552355dd", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"setDisplayName"}}, {"deprecated":false, "digest":{"line_hashes":["283729514524476111226187398516472334034", "110243433303675214941263859318474014234", "219689180958770822558324454683291173565", "288037343717614082245628522746599378099", "182774005629593579391363224269926583565", "240382801211918711678877591688519401327", "106833879100579711315299667745247358533", "20362024773217709447411941482548506351", "162857856128072224597535848492271027745", "443969255866971973160024504367666505", 
"144134265046655980911436810712702752023", "147870169047473277227489460219500934729", "185407438599804180876075699635479756562", "315552418116178038487450156398866878893", "93599973764947734099641009692792086373", "310118061060155593195113019069566432176", "210595325358920498410262488170660927742"], "threshold":0.9}, "id":"ASB-A-443742829-6c0d6141", "match_only_versions":["16"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/110f3e5843d87e4a994eb07160064ca3552355dd", "target":{"file":"core/java/android/companion/AssociationRequest.java"}}, {"deprecated":false, "digest":{"function_hash":"28004645345344355699729640648605172658", "length":284}, "id":"ASB-A-443742829-9530bb27", "match_only_versions":["16"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/110f3e5843d87e4a994eb07160064ca3552355dd", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"setDisplayName"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2025-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1998ea7078f9c129267e42cd83efd3a85e1be57b"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["147269419953227440488681118598688817780", "52548465390990484745093659737434703888", "25730624046464827620604150295925541558", "226687171322059760035163430715224975588", "101735109259856570215759161802626317633", "44159805822028748717551128500138612254", "340009000210209828359847840402022960775", "182774005629593579391363224269926583565", "240382801211918711678877591688519401327", "106833879100579711315299667745247358533", "20362024773217709447411941482548506351", 
"65451055277332140781696211045567087548", "323374279332395481658706680841602322999", "129426677134537346045811415153629904845", "136430090691858713646855412254835896610", "129514122091882860967805441408399656850", "328328895007588091968499060994988435413", "93599973764947734099641009692792086373", "310118061060155593195113019069566432176", "210595325358920498410262488170660927742"], "threshold":0.9}, "id":"ASB-A-443742829-915376bb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1998ea7078f9c129267e42cd83efd3a85e1be57b", "target":{"file":"core/java/android/companion/AssociationRequest.java"}}, {"deprecated":false, "digest":{"function_hash":"25507047400613990863916323832332658705", "length":348}, "id":"ASB-A-443742829-afab5161", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1998ea7078f9c129267e42cd83efd3a85e1be57b", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"AssociationRequest"}}, {"deprecated":false, "digest":{"function_hash":"259370121685768045263040026203907129638", "length":57}, "id":"ASB-A-443742829-b149a990", "match_only_versions":["14"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1998ea7078f9c129267e42cd83efd3a85e1be57b", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"setDisplayName"}}, {"deprecated":false, "digest":{"function_hash":"86640055349124604017859357467180140315", "length":239}, "id":"ASB-A-443742829-ed034046", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1998ea7078f9c129267e42cd83efd3a85e1be57b", "target":{"file":"core/java/android/companion/AssociationRequest.java", "function":"setDisplayName"}}]}}], "references":[{"type":"ADVISORY", 
"url":"https://source.android.com/security/bulletin/2025-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/de27b16b1af86d4ce18c9134d85b53331a8d2147"}]}