VDB
ASB-A-336976105
ASB-A-336976105
PUBLISHED
CVSS 6.900000095367432 MEDIUM
In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | frameworks/base | 15-next, *, * |
| platform | packages/modules/Permission | 15-next, *, 15-next:0 |
| platform | packages/modules/RemoteKeyProvisioning | 15-next, 14:0, 14 |
Timeline
- Sep 1, 2024 CVE Published
- May 15, 2026 CVE Updated