Primary

Context

Android Settings App Elevation of Privilege Vulnerability

Vulnerability

A vulnerability in the Android Settings application allows for a local elevation of privilege by bypassing factory reset protections. This issue arises from a missing permission check in the 'shouldSkipForInitialSUW' method of 'AdvancedPowerUsageDetail.java'. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.

Impact

Exploitation of this vulnerability could lead to unauthorized access to elevated privileges, allowing a user to perform actions or access resources that are normally restricted.

Reproduction

To reproduce this vulnerability, initiate a factory reset on the device. Once the reset is complete, use ADB (Android Debug Bridge) to launch the app battery usage information page. The app should close automatically, indicating that the factory reset protection bypass has been successful.

Remediation

Users can update their devices to the October 2024 security patch level to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.3

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.3

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Settings App Elevation of Privilege Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating