ASB-A-366401629 — Vulnetix

ASB-A-366401629 PUBLISHED

In isSafeIntent of AccountManagerService.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	15-next:0, 15-next, 12:0

Timeline

Feb 1, 2025 CVE Published
May 6, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-02-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/e3bbc415adb51975aeade545725b6931099d412e patch

Open in Interactive Console →