Platform Packages Apps Settings vulnerabilities
138 known vulnerabilities affecting platform/packages_apps_settings.
Total CVEs: 138
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
UNKNOWN: 138
Vulnerabilities
Page 2 of 7
CVE-2025-22427 | UNKNOWN | ≥ 15-next:0, < 15-next:2025-04-01; ≥ 15:0, < 15:2025-04-01; +2 more | 2025-04-01
CVE-2025-22427: In onCreate of NotificationAccessConfirmationActivity
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2025-22418 | UNKNOWN | ≥ 15-next:0, < 15-next:2025-04-01; ≥ 13:0, < 13:2025-04-01; +1 more | 2025-04-01
CVE-2025-22418: In multiple locations, there is a possible confused deputy due to Intent Redirect
In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-0095 | UNKNOWN | ≥ 15-next:0, < 15-next:2025-02-01; ≥ 15:0, < 15:2025-02-01; +1 more | 2025-02-01
CVE-2025-0095: In AppTimeSpentPresenter of AppTimeSpentPreference
In AppTimeSpentPresenter of AppTimeSpentPreference.kt, there is a possible way to hijack implicit intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2025-0094 | UNKNOWN | ≥ 15-next:0, < 15-next:2025-02-01; ≥ 12:0, < 12:2025-02-01; +4 more | 2025-02-01
CVE-2025-0094: In onCreateOptionsMenu of UserSettings
In onCreateOptionsMenu of UserSettings.java, there is a possible way to remove the work profile by opening a hidden activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-0091 | UNKNOWN | ≥ 15-next:0, < 15-next:2025-02-01; ≥ 12:0, < 12:2025-02-01; +4 more | 2025-02-01
CVE-2025-0091: In isSafeIntent of AccountManagerService
In isSafeIntent of AccountManagerService.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-49736 | UNKNOWN | ≥ 12:0, < 12:2025-01-01; ≥ 12L:0, < 12L:2025-01-01; +2 more | 2025-01-01
CVE-2024-49736: In onClick of MainClear
In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-49742 | UNKNOWN | ≥ 15-next:0, < 15-next:2025-01-01; ≥ 12:0, < 12:2025-01-01; +4 more | 2025-01-01
CVE-2024-49742: In onCreate of NotificationAccessConfirmationActivity
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2024-43088 | UNKNOWN | ≥ 15-next:0, < 15-next:2024-11-01; ≥ 12:0, < 12:2024-11-01; +3 more | 2024-11-01
CVE-2024-43088: In multiple functions in AppInfoBase
In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-43080 | UNKNOWN | ≥ 15-next:0, < 15-next:2024-11-01; ≥ 12:0, < 12:2024-11-01; +3 more | 2024-11-01
CVE-2024-43080: In onReceive of AppRestrictionsFragment
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2024-43087 | UNKNOWN | ≥ 15-next:0, < 15-next:2024-11-01; ≥ 12:0, < 12:2024-11-01; +3 more | 2024-11-01
CVE-2024-43087: In getInstalledAccessibilityPreferences of AccessibilitySettings
In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2024-40677 | UNKNOWN | ≥ 15-next:0, < 15-next:2024-10-01; ≥ 12:0, < 12:2024-10-01; +3 more | 2024-10-01
CVE-2024-40677: In shouldSkipForInitialSUW of AdvancedPowerUsageDetail
In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-40654 | UNKNOWN | ≥ 15-next:0, < 15-next:2024-09-01; ≥ 12:0, < 12:2024-09-01; +3 more | 2024-09-01
CVE-2024-40654: In multiple locations, there is a possible permission bypass due to a confused deputy
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2024-40657 | UNKNOWN | ≥ 15-next:0, < 15-next:2024-09-01; ≥ 12:0, < 12:2024-09-01; +3 more | 2024-09-01
CVE-2024-40657: In addPreferencesForType of AccountTypePreferenceLoader
In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-40650 | UNKNOWN | ≥ 15-next:0, < 15-next:2024-09-01; ≥ 12:0, < 12:2024-09-01; +3 more | 2024-09-01
CVE-2024-40650: In wifi_item_edit_content of styles
In wifi_item_edit_content of styles.xml, there is a possible FRP bypass due to a missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-40652 | UNKNOWN | ≥ 15-next:0, < 15-next:2024-09-01; ≥ 12:0, < 12:2024-09-01; +3 more | 2024-09-01
CVE-2024-40652: In onCreate of SettingsHomepageActivity
In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2024-31332 | UNKNOWN | ≥ 14-next:0, < 14-next:2024-07-01; ≥ 13:0, < 13:2024-07-01; +1 more | 2024-07-01
CVE-2024-31332: In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-23707 | UNKNOWN | ≥ 14-next:0, < 14-next:2024-05-01; ≥ 14:0, < 14:2024-05-01 | 2024-05-01
CVE-2024-23707: In multiple locations, there is a possible permissions bypass due to improper input validation
In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2024-23704 | UNKNOWN | ≥ 14-next:0, < 14-next:2024-04-01; ≥ 13:0, < 13:2024-04-01; +1 more | 2024-04-01
CVE-2024-23704: In onCreate of WifiDialogActivity
In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-0020 | UNKNOWN | ≥ 14-next:0, < 14-next:2024-01-01; ≥ 11:0, < 11:2024-01-01; +4 more | 2024-01-01
CVE-2024-0020: In onActivityResult of NotificationSoundPreference
In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-0021 | UNKNOWN | ≥ 14-next:0, < 14-next:2024-01-01; ≥ 13:0, < 13:2024-01-01; +1 more | 2024-01-01
CVE-2024-0021: In onCreate of NotificationAccessConfirmationActivity
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv