Description
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-17
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in CarrierConfigLoader.overrideConfig, where a permissions bypass allows an application to evade the UID verification. This flaw enables a local attacker to gain higher privileges without requiring separate execution rights or user interaction. The flaw effectively changes the security context of a calling component, allowing it to perform privileged operations.

Affected Systems

Android devices that include the vulnerable CarrierConfigLoader component are affected. The specific Android releases are not enumerated in the data, so any device running an unpatched version of CarrierConfigLoader could be at risk.

Risk and Exploitability

The EPSS score is below 1%, indicating a low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. However, because the attack does not require user interaction and only needs local execution, the risk to individual devices is significant. An attacker with local access could exploit the flaw to elevate privileges and compromise system integrity. The attack vector is local; no remote exploitation is implied.

Generated by OpenCVE AI on June 17, 2026 at 18:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android version that contains the fix for the carrier configuration permissions issue.
  • Verify that any third‑party apps using carrier configuration APIs are updated and that they run under appropriate user identifiers.
  • Restrict or disable carrier configuration privileges for untrusted applications via device administration or app‑level permission management.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 07:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google android
Vendors & Products | | Google; Google android

Wed, 17 Jun 2026 06:00:00 +0000

Type | Values Removed | Values Added
Description | | In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References | |

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-17T14:00:19.273Z

Reserved: 2025-05-22T18:12:23.626Z

Link: CVE-2025-48617

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T07:30:04Z

Weaknesses

No weakness.