Primary

Context

Android Framework Resource Exhaustion Vulnerability Leading to Local Denial-of-Service

Vulnerability

A resource exhaustion vulnerability has been identified in the Android Framework, specifically in the Blob Store Manager. This issue arises in the 'allowPackageAccess' function across multiple files, where an attacker can cause resource depletion by repeatedly adding allowed packages. The result is a local, persistent denial-of-service condition that does not require additional execution privileges or user interaction for exploitation.

Impact

Exploitation of this vulnerability can lead to a local, persistent denial-of-service condition, causing the affected device to become unresponsive or unavailable for a period of time.

Remediation

Users can update their devices to the June 2025 security patch level to address this vulnerability.

Added: Sep 4, 2025, 6:42 PM

Updated: Sep 4, 2025, 6:42 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Framework Resource Exhaustion Vulnerability Leading to Local Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating