ASB-A-381339822 — Vulnetix

ASB-A-381339822 PUBLISHED

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Launcher3	16-qpr2-next:0, 16-qpr2-next, 15:0
platform	frameworks/base	16-qpr2-next:0, 16-qpr2-next, 15

Timeline

Dec 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-12-01 advisory
https://android.googlesource.com/platform/packages/apps/Launcher3/+/7628af9bf77f1d145359bf4075a6674574cae496 patch
https://android.googlesource.com/platform/frameworks/base/+/9fb37191609f7cb7b2374531cafb2d00ec8b4bec patch

Open in Interactive Console →