ASB-A-356117796 — Vulnetix

ASB-A-356117796 PUBLISHED

In AppTimeSpentPresenter of AppTimeSpentPreference.kt, there is a possible way to hijack implicit intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	15-next:0, 15-next, 15:0

Timeline

Feb 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-02-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/4b99ae729036d9d8bb75fa9503c10e7c87b27c2c patch

Open in Interactive Console →