Android USB Data Access Race Condition Vulnerability Allowing Privilege Escalation
Vulnerability
A race condition vulnerability has been identified in the UsbDataAdvancedProtectionHook.java file, allowing unauthorized access to USB data when the screen is off. This vulnerability could lead to local privilege escalation without requiring additional execution privileges or user interaction.
Impact
Exploitation of this vulnerability could result in unauthorized access to USB data, potentially leading to local privilege escalation.
Remediation
Users can update to Android 16 QPR2 with a security patch level of 2025-12-01 or later to address this vulnerability.
Added: Dec 8, 2025, 6:19 PM
Updated: Dec 8, 2025, 6:33 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
2.5exploitability
4.3remediation
0.0relevance
1.3threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.