Impact
The vulnerability originates from a logic flaw in KeyguardViewMediator.java in the Android operating system. The flaw lets an attacker bypass the lockdown mode that is normally enforced by screen pinning. Because exploitation requires neither additional execution privileges nor user interaction, a local attacker can use it to reveal sensitive information normally concealed in lockdown mode, leading to local information disclosure.
Affected Systems
Google’s Android platform is affected. The issue is present in the KeyguardViewMediator component across all versions of Android that have not yet integrated the corrective logic, impacting devices that use screen pinning for lockdown protection. Exact version ranges are not specified, so all current Android releases should be considered potentially vulnerable until an official fix is released.
Risk and Exploitability
The flaw can be exploited locally without user involvement, making it a high-risk condition for devices that rely on lockdown mode to protect data. No EPSS value is available, and the vulnerability is not listed in CISA’s KEV catalog, so current exploitation statistics are unknown. However, because no additional privileges are required and the logic error permits information disclosure, the potential impact remains significant in environments where sensitive data is protected by lockdown. The CVSS score of 3.3 rates the vulnerability as low severity.
OpenCVE Enrichment