{"id":"ASB-A-373467684","details":"In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-373467684","CVE-2025-32312"],"modified":"2026-03-11T06:32:13.538938Z","published":"2025-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/577cdba1048ce04816c962264a11efd02f1f5b73"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-next:0"},{"fixed":"16-next:2025-06-01"}]}],"versions":["16-next"],"ecosystem_specific":{"types":["EoP"],"spl":"2025-06-01","fixes":["https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8"],"severity":"High","vanir_signatures":[{"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8","signature_type":"Function","target":{"function":"createIntentsList","file":"core/java/android/content/pm/PackageParser.java"},"signature_version":"v1","id":"ASB-A-373467684-0f294854","digest":{"function_hash":"25686159493623211619787215512398345538","length":585},"deprecated":false},{"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/65c1a90bf4af54f555ded29ec2384072b1c962b8","signature_type":"Line","target":{"file":"core/java/android/content/pm/PackageParser.java"},"signature_version":"v1","id":"ASB-A-373467684-24383d32","digest":{"threshold":0.9,"line_hashes":["109803237766122648025674423814563045897","230092335716608527425692838741407045547","233404416498654765875498009191951814135","93002042245188852370503082178180262737"]},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-373467684.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-06-01"}]}],"versions":["15"],"ecosystem_specific":{"types":["EoP"],"spl":"2025-06-01","fixes":["https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456"],"severity":"High","vanir_signatures":[{"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456","signature_type":"Function","target":{"function":"createIntentsList","file":"core/java/android/content/pm/PackageParser.java"},"signature_version":"v1","id":"ASB-A-373467684-5b32fdd8","digest":{"function_hash":"25686159493623211619787215512398345538","length":585},"deprecated":false},{"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/cfd0ded301a5848b9b2caedb44878ae6ff0a7456","signature_type":"Line","target":{"file":"core/java/android/content/pm/PackageParser.java"},"signature_version":"v1","id":"ASB-A-373467684-d87b3246","digest":{"threshold":0.9,"line_hashes":["109803237766122648025674423814563045897","230092335716608527425692838741407045547","233404416498654765875498009191951814135","93002042245188852370503082178180262737"]},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-373467684.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-06-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"spl":"2025-06-01","fixes":["https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a"],"severity":"High","vanir_signatures":[{"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a","signature_type":"Line","target":{"file":"core/java/android/content/pm/PackageParser.java"},"signature_version":"v1","id":"ASB-A-373467684-26754784","digest":{"threshold":0.9,"line_hashes":["109803237766122648025674423814563045897","230092335716608527425692838741407045547","233404416498654765875498009191951814135","93002042245188852370503082178180262737"]},"deprecated":false},{"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/249d11226b24f660af50cac7e41b5fed1d0ee19a","signature_type":"Function","target":{"function":"createIntentsList","file":"core/java/android/content/pm/PackageParser.java"},"signature_version":"v1","id":"ASB-A-373467684-f4b0b2df","digest":{"function_hash":"25686159493623211619787215512398345538","length":585},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-373467684.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-06-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["EoP"],"spl":"2025-06-01","fixes":["https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87"],"severity":"High","vanir_signatures":[{"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87","signature_type":"Function","target":{"function":"createIntentsList","file":"core/java/android/content/pm/PackageParser.java"},"signature_version":"v1","id":"ASB-A-373467684-3712c895","digest":{"function_hash":"25686159493623211619787215512398345538","length":585},"deprecated":false},{"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/9937e7194ae9a2051c90d38a5bd7e7505b19cb87","signature_type":"Line","target":{"file":"core/java/android/content/pm/PackageParser.java"},"signature_version":"v1","id":"ASB-A-373467684-dd64bd42","digest":{"threshold":0.9,"line_hashes":["109803237766122648025674423814563045897","230092335716608527425692838741407045547","233404416498654765875498009191951814135","93002042245188852370503082178180262737"]},"deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-373467684.json"}}],"schema_version":"1.7.5"}