Samsung DeviceIdService Improper Intent Verification Vulnerability Allowing OAID Reset
Vulnerability
A vulnerability exists in the DeviceIdService prior to the SMR April 2025 Release 1, where improper verification of intent by the broadcast receiver allows local attackers to reset the Open Anonymous Identifier (OAID). This issue affects select devices running Android 13, 14, and 15.
Impact
Exploitation of this vulnerability allows local attackers to reset the Open Anonymous Identifier (OAID), potentially disrupting applications or services that rely on this identifier for tracking or identification purposes.
Remediation
Users can apply the SMR April 2025 Release 1 update to address this vulnerability.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
