Android Voice Interaction Manager Service Component Name Persistence Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability in the Voice Interaction Manager Service can cause a third-party application's component name to remain active even after the app is uninstalled. This issue arises from a logic error in the code, which can lead to local privilege escalation without requiring additional execution privileges or user interaction.

Impact

Exploitation of this vulnerability allows for local escalation of privilege.

Reproduction

To reproduce this vulnerability, install a third-party application that defines a voice recognition service on a device where no default or system voice recognizer is set. After the application is installed and then uninstalled, its component name may persist, indicating that the voice recognition service was not properly reset.

Remediation

Users can update their devices to the December 2025 security patch level, which addresses this vulnerability.
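
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it reads the device's security patch level and flags a voice recognition component whose package is no longer installed. Assumptions: the component name is stored under the secure settings key voice_recognition_service, any patch level from 2025-12-01 onward is treated as patched (confirm the exact level against the bulletin), and adb is connected to a single device.

```shell
#!/bin/sh
# Added example (not from the advisory). The settings key and the patch-level
# threshold below are assumptions; adjust them to the vendor bulletin.
FIXED_PATCH_LEVEL=20251201                  # assumed: first December 2025 level
SETTING_KEY=voice_recognition_service       # assumed secure-settings key

# Succeeds when a YYYY-MM-DD patch level is at or after the assumed fixed level.
patch_level_ok() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;                      # empty or malformed: treat as unpatched
    esac
    [ "$(printf '%s' "$1" | tr -d '-')" -ge "$FIXED_PATCH_LEVEL" ]
}

# "com.example.voice/.RecognizerService" -> "com.example.voice"
component_package() {
    printf '%s\n' "${1%%/*}"
}

# $1 = component name from settings, $2 = output of "pm list packages".
# Succeeds when the component names a package that is not installed.
component_is_stale() {
    case "$1" in ''|null) return 1 ;; esac  # "settings get" prints null when unset
    pkg=$(component_package "$1")
    ! printf '%s\n' "$2" | grep -qxF "package:$pkg"
}

# Queries the attached device; tr strips the carriage returns some adb builds emit.
audit_device() {
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    if patch_level_ok "$level"; then
        echo "patch level $level: at or after assumed fixed level"
    else
        echo "patch level $level: update needed"
    fi
    comp=$(adb shell settings get secure "$SETTING_KEY" | tr -d '\r')
    pkgs=$(adb shell pm list packages | tr -d '\r')
    if component_is_stale "$comp" "$pkgs"; then
        echo "STALE: $SETTING_KEY=$comp but its package is not installed"
    else
        echo "ok: $SETTING_KEY=$comp"
    fi
}

if [ "${1:-}" = "--device" ]; then audit_device; fi
```

Run it with --device to query the attached device; without the flag it only defines the functions.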

Added: Dec 8, 2025, 5:35 PM
Updated: Dec 8, 2025, 6:54 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.