Platform Frameworks Opt Telephony vulnerabilities

CVE-2025-48618 CVE-2025-48618: In processLaunchBrowser of CommandParamsFactory In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48529 CVE-2025-48529: In setRingtoneUri of VoicemailNotificationSettingsUtil In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21184 CVE-2023-21184: In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20225 CVE-2022-20225: In getSubscriptionProperty of SubscriptionController In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0643 CVE-2021-0643: In getAllSubInfoList of SubscriptionController In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-1008 CVE-2021-1008: In addSubInfo of SubscriptionController In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0990 CVE-2021-0990: In getDeviceId of PhoneSubInfoController In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0428 CVE-2021-0428: In getSimSerialNumber of TelephonyManager In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0644 CVE-2021-0644: In conditionallyRemoveIdentifiers of SubscriptionController In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0641 CVE-2021-0641: In getAvailableSubscriptionInfoList of SubscriptionController In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0538 CVE-2021-0538: In onCreate of EmergencyCallbackModeExitDialog In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVE-2020-0246 CVE-2020-0246: In getCarrierPrivilegeStatus of UiccAccessRule In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-0396 CVE-2020-0396: In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-0395 CVE-2020-0395: In showNotification of EmergencyCallbackModeService In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-0397 CVE-2020-0397: In getNotificationBuilder of CarrierServiceStateTracker In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-0399 CVE-2020-0399: In showLimitedSimFunctionWarningNotification of NotificationMgr In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.