Impact
This vulnerability resides in the smmu_attach_dev function of arm-smmu-v3.c and allows an attacker to sign malicious Android Runtime bootclass artifacts without the required permission check. The lack of authorization enables a local escalation of privilege; once the artifacts are signed, an attacker can execute code with higher privileges than originally granted. No additional execution privileges are needed and no user interaction is required, meaning the flaw can be abused by any local user with sufficient access to the device environment.
Affected Systems
The flaw affects Google Android systems, as noted by the manufacturer’s security bulletin for Pixel devices. No specific Android version numbers are provided in the advisory, so the risk applies to any affected build until the vendor releases a patch.
Risk and Exploitability
The CVSS score of 7.8 classifies this issue as high severity. The EPSS figure of less than 1% indicates that widespread exploitation has not been observed, yet the flaw remains available for local attackers. Because the access or user interaction, an adversary with physical possession or remote local access to a device can directly sign unauthorized artifacts and gain elevated privileges. The issue is not listed in the CISA KEV catalog, implying it has not yet been confirmed as exploited in the wild, but its high impact warrants immediate attention.
OpenCVE Enrichment