Description
In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-17
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In PhoneInterfaceManager.java, a logic error in the setAllowedCarriers method allows disabling carrier restrictions without requiring elevated privileges or user interaction. The flaw enables a local attacker to elevate privileges, potentially attaining root or system access, which can compromise confidentiality, integrity, and availability by permitting malicious code installation or system tampering.

Affected Systems

The vulnerability affects Google's Android operating system within the PhoneInterfaceManager component. While specific versions are not listed, the bug exists in devices that run the carrier restriction logic, including recent Android releases. Any device containing this unpatched code is susceptible.

Risk and Exploitability

With a CVSS score of 10, the vulnerability is critical, but the EPSS score of less than 1% indicates a very low probability of exploitation at present. It is not listed in CISA's KEV catalog. The attack vector is local privilege escalation that requires no user interaction, meaning an attacker with local code execution or physical access can exploit the issue immediately.

Generated by OpenCVE AI on June 17, 2026 at 17:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Android security update that includes the fix for the PhoneInterfaceManager setAllowedCarriers logic error.
  • Restrict carrier configuration changes so that only privileged users or device owner policies can modify carrier settings, preventing unprivileged changes that could bypass restrictions.
  • If a patch is not yet available, upgrade to a newer Android build that removes the flaw and limit the device to trusted applications only.

Generated by OpenCVE AI on June 17, 2026 at 17:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 17 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Wed, 17 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-17T14:14:37.716Z

Reserved: 2025-10-15T15:40:43.231Z

Link: CVE-2026-0063

cve-icon Vulnrichment

Updated: 2026-06-17T12:54:40.074Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T08:30:04Z

Weaknesses

No weakness.