In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. This could…

In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead…

In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation.…

In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. This could lead to local escalation of privilege…

In ActivityManager, there is a way to read process state for other users due to a missing permission check. This could lead to local information…

In ActivityManager, there is a possible way to check another process’s capabilities due to a missing permission check. This could lead to local information disclosure…

In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with…

In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the…

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with…

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege…