Impact
The flaw in Android’s SettingsLib is caused by a missing permission check due to a logic error in the code. This allows a local user to obtain elevated privileges without performing any additional execution beyond normal use of the device. The resulting privilege escalation could enable the attacker to carry out privileged actions on the device. While the description does not explicitly state the confidentiality or integrity consequences, it is inferred that the elevated privileges might provide access to sensitive system data or allow modification of system configuration.
Affected Systems
The vulnerability impacts Google’s Android operating system, specifically the SettingsLib component that manages system settings. No specific Android version or build is mentioned, so any device running the affected component is potentially vulnerable.
Risk and Exploitability
With a CVSS score of 10, the vulnerability is considered maximum severity. The EPSS score is below 1%, indicating a low probability of widespread exploitation. Based on the description, it is inferred that the likely attack vector is local execution on the device without user interaction or additional privileges. Because the flaw is not listed in CISA’s KEV catalog, its critical score underscores the urgency of addressing it.
OpenCVE Enrichment