Impact
The vulnerability involves improper input validation during the provisioning process. This flaw allows an attacker who has local access to an Android device to elevate privileges without executing additional code. The exploitation does not require user interaction, meaning the attacker can perform the attack directly after gaining physical or local access.
Affected Systems
Google Android. No specific affected versions are listed, indicating that any Android device containing the vulnerable provisioning components could be at risk, including recent releases available at the time of the advisory.
Risk and Exploitability
The CVSS score of 7.8 indicates medium‑high severity for this local privilege escalation vulnerability. The EPSS score of less than 1% implies a low likelihood of exploitation in the wild. The flaw is not listed in the CISA KEV catalog. Because user interaction is not required and the vulnerability resides in local provisioning, an attacker with physical or local access can potentially exploit it. No additional execution privileges are needed.
OpenCVE Enrichment