Описание
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-48581
- https://android.googlesource.com/platform/build/+/cda08bfbf55aed1e4c79efe6a66bb930d19a8a13
- https://android.googlesource.com/platform/system/apex/+/13bbfe3ef2953e9805d57d3219cc122e485ba90f
- https://android.googlesource.com/platform/system/apex/+/5a33fa4202cb5f06d7f02f3a2b8d13780d7cb3f5
- https://source.android.com/security/bulletin/2025-09-01
- https://source.android.com/security/bulletin/2025-11-01
Связанные уязвимости
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Уязвимость функции VerifyNoOverlapInSessions файла apexd.cpp операционной системы Android, позволяющая нарушителю повысить свои привилегии