Description
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-02
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a local persistent denial of service caused by improper input validation in AppOpsService.java. It can trigger service crashes that degrade device responsiveness, impacting the availability of affected applications and system services. The weakness is an input validation error (CWE‑20).

Affected Systems

Android 14.0, 15.0, 16.0, and the 16.0 release candidates qpr2 beta 1‑3. All affected versions are listed in the Android 2026‑03‑01 security bulletin.

Risk and Exploitability

The CVSS score of 6.2 classifies this issue as medium severity. The EPSS score of < 1% indicates a very low probability that an exploit will be observed in the wild, and the CVE is not listed in the CISA KEV catalog. The flaw is local: it requires neither network access nor privilege escalation, and it needs no user interaction, meaning any user with device access could trigger the denial of service by sending malformed inputs to AppOpsService.

Generated by OpenCVE AI on April 16, 2026 at 14:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android security patch as described in the 2026‑03‑01 bulletin, which includes the AppOpsService fix.
  • Reboot the device after installing the patch to ensure the service is running the corrected version.
  • Limit exposure by uninstalling or temporarily disabling third‑party applications that frequently invoke AppOpsService operations until the device is patched.



Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:45:00 +0000

Type | Values Removed | Values Added
Title | | Local Denial of Service via Improper Input Validation in AppOpsService

Fri, 06 Mar 2026 04:30:00 +0000

Type | Values Removed | Values Added
References | |

Fri, 06 Mar 2026 04:15:00 +0000

Type | Values Removed | Values Added
References | |

Tue, 03 Mar 2026 18:45:00 +0000

Type | Values Removed | Values Added
CPEs | cpe:2.3:o:google:android:16.0:qpr2:*:*:*:*:*:* | cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*; cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*; cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*

Tue, 03 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google android
CPEs | | cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*; cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*; cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*; cpe:2.3:o:google:android:16.0:qpr2:*:*:*:*:*:*
Vendors & Products | | Google; Google android

Mon, 02 Mar 2026 22:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-20
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 19:00:00 +0000

Type | Values Removed | Values Added
Description | | In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References | |

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-03-06T03:49:23.989Z

Reserved: 2025-10-15T15:38:46.659Z

Link: CVE-2026-0015

Vulnrichment

Updated: 2026-03-02T21:22:45.428Z

NVD

Status: Modified

Published: 2026-03-02T19:16:30.020

Modified: 2026-03-06T04:16:04.037

Link: CVE-2026-0015

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:30:16Z

Weaknesses