Android Framework Lock Screen Bypass Vulnerability Allowing Privilege Escalation
Vulnerability
A logic error in the Android Framework has created a potential lock screen bypass. This vulnerability allows for local escalation of privilege without requiring additional execution privileges or user interaction. The issue is present in multiple components, including the main Android Framework and the Settings application.
Impact
Exploitation of this vulnerability could lead to unauthorized access or modifications within the system, allowing a user to gain elevated privileges.
Reproduction
The vulnerability can be reproduced by attempting to modify the settings of a biometric-protected package, for example by disabling or force-stopping it. The action bypasses the lock screen requirement, so the change is made without authorization.
Remediation
Users can update their devices to the May 2025 security patch level to address this vulnerability.
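To confirm the remediation across a set of devices, the reported patch level can be compared against the fixed level. The script below is an added example, not part of the original advisory; it assumes the May 2025 level is reported as the string 2025-05-01, and the device names and inventory lines are constructed sample data.

```shell
#!/bin/sh
# Assumption: "May 2025 security patch level" is reported as 2025-05-01.
REQUIRED_PATCH="2025-05-01"

# Classify one patch-level string, as returned on a device by:
#   adb shell getprop ro.build.version.security_patch
patch_status() {
    level=$(printf '%s' "$1" | tr -d '\r ')   # adb output may end in CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]) ;;
        *) echo "unknown"; return 0 ;;         # missing or malformed value
    esac
    # YYYY-MM-DD strings sort chronologically, so the smaller one is older.
    oldest=$(printf '%s\n%s\n' "$level" "$REQUIRED_PATCH" | LC_ALL=C sort | head -n 1)
    if [ "$oldest" = "$REQUIRED_PATCH" ]; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Read "serial patch-level" lines on stdin and print every device that is
# not confirmed patched, with the reason.
audit_inventory() {
    while read -r serial level; do
        [ -z "$serial" ] && continue
        status=$(patch_status "$level")
        [ "$status" = "patched" ] || printf '%s %s\n' "$serial" "$status"
    done
}

# Constructed sample inventory (hypothetical device names, not real data).
SAMPLE_INVENTORY='DEV-A 2025-05-01
DEV-B 2025-04-05
DEV-C 2025-06-05
DEV-D
DEV-E 2025-5-1'

report() { printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory; }

report
```

Devices reported as unknown should be treated as unpatched until their patch level has been read directly.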
