Impact
A logic error in SettingsLib enables an application or system component to be disabled without user interaction, allowing a local attacker to elevate privilege. The flaw does not require any additional execution privileges and can be triggered by local code without user interaction. The impact is loss of control over system services that are normally protected by the operating system.
Affected Systems
Google Android devices are impacted. The official advisory references Android 17, but the specific version(s) that contain the flaw are not explicitly enumerated in the provided documentation. Therefore, the affected releases remain unspecified beyond the family of Android devices.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, but the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access to the device, and no user interaction is needed; this increases the risk for any compromised machine. The specific affected releases are not provided explicitly, so the actual risk depends on whether the device is running a vulnerable Android version.
OpenCVE Enrichment