In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local…

In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information…

In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation…

In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead…

In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to…

In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with…

In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information…

In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could…

In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure.…

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could…