Platform Packages Services Telecomm vulnerabilities

CVE-2025-22432 CVE-2025-22432: In notifyTimeout of CallRedirectionProcessor In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40130 CVE-2023-40130: In notifyTimeout of CallRedirectionProcessor, there is a possible permission bypass due to a logic error in the code In notifyTimeout of CallRedirectionProcessor, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40653 CVE-2024-40653: In multiple functions of ConnectionServiceWrapper In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-0083 CVE-2025-0083: In multiple locations, there is a possible way to access content across user profiles due to URI double encoding In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-0082 CVE-2025-0082: In multiple functions of StatusHint In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-40655 CVE-2024-40655: In bindAndGetCallIdentification of CallScreeningServiceHelper In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-40656 CVE-2024-40656: In handleCreateConferenceComplete of ConnectionServiceWrapper In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-21394 CVE-2023-21394: In registerPhoneAccount of TelecomServiceImpl In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21103 CVE-2023-21103: In registerPhoneAccount of PhoneAccountRegistrar In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21111 CVE-2023-21111: In multiple functions of PhoneAccountRegistrar In multiple functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21283 CVE-2023-21283: In multiple functions of StatusHints In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-21138 CVE-2023-21138: In onNullBinding of CallRedirectionProcessor In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21082 CVE-2023-21082: In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21083 CVE-2023-21083: In onNullBinding of CallScreeningServiceHelper In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20915 CVE-2023-20915: In addOrReplacePhoneAccount of PhoneAccountRegistrar In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20501 CVE-2022-20501: In onCreate of EnableAccountPreferenceActivity In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20451 CVE-2022-20451: In onCallRedirectionComplete of CallsManager In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20426 CVE-2022-20426: In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20129 CVE-2022-20129: In registerPhoneAccount of PhoneAccountRegistrar In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20114 CVE-2022-20114: In placeCall of TelecomManager In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.