Android Voice Interaction Manager Service Assistant Role Mismanagement Vulnerability
Vulnerability
A vulnerability in the Voice Interaction Manager Service can lead to improper handling of assistant applications. When a user-selected assistant is forcefully stopped, the system may mistakenly revert to the default assistant. This issue arises from a logical error in the code, which can result in unauthorized elevation of privileges by automatically granting the default assistant application the ROLE_ASSISTANT, without requiring any additional permissions. Exploitation of this vulnerability does not involve user interaction.
Impact
Exploitation of this vulnerability allows for local escalation of privileges by improperly assigning the ROLE_ASSISTANT to the default assistant application, without the need for additional execution privileges.
Remediation
Users can update their devices to the May 2025 security patch level to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.