Android Print Manager Service Cross-User Image Leak Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in the Print Manager Service component of Android, specifically in the validateIconUserBoundary function. This issue arises from a confused deputy problem, leading to a potential cross-user image leak. Exploitation of this vulnerability could result in local privilege escalation, with no additional execution privileges required. User interaction is not necessary for exploitation. The vulnerability affects Android versions 13, 14, 15, and 16.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user images across different accounts, potentially allowing for misuse of this information. Additionally, it could facilitate local privilege escalation, enabling a user to gain elevated rights or access within the system.

Reproduction

The vulnerability is triggered with a specially crafted URI that tricks the system into leaking image data from one user to another. The URI is manipulated to include incorrect user information, which the Print Manager Service then processes, resulting in the unintended image leak.

Remediation

Users can update their devices to the December 2025 security patch level to address this vulnerability.
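For developers of services that load images on behalf of other apps, the following is an added example (not AOSP code and not the actual patch) of a user-boundary check on an icon URI. It assumes the target user is written as a numeric prefix of the content URI authority; the class name, method name and sample URIs are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not AOSP code. Assumption: a content URI names its target
// user as a numeric prefix of the authority, e.g. content://10@media/...
public class IconUserBoundaryCheck {
    // callingUserId must come from the caller's identity, never the service's own.
    static boolean isWithinUserBoundary(String iconUri, int callingUserId) {
        if (iconUri == null) {
            return true; // no icon supplied, nothing to load
        }
        final URI uri;
        try {
            uri = new URI(iconUri);
        } catch (URISyntaxException e) {
            return false; // fail closed on unparseable input
        }
        if (!"content".equalsIgnoreCase(uri.getScheme())) {
            return true; // other schemes carry no user prefix; not covered here
        }
        // Use the raw authority: getUserInfo() returns null when the host part is
        // not a valid hostname (e.g. contains '_'), which would hide the prefix.
        String authority = uri.getRawAuthority();
        if (authority == null) {
            return false; // content URI without an authority is malformed
        }
        int at = authority.lastIndexOf('@');
        if (at == -1) {
            return true; // no explicit user: resolves inside the caller's own user
        }
        try {
            return Integer.parseInt(authority.substring(0, at)) == callingUserId;
        } catch (NumberFormatException e) {
            return false; // non-numeric prefix
        }
    }

    public static void main(String[] args) {
        int caller = 0; // constructed: the request originates from user 0
        String[] samples = { // constructed URIs
            "content://media/external/images/media/1",    // allow
            "content://0@media/external/images/media/1",  // allow
            "content://10@media/external/images/media/1", // reject
            "content://10@my_provider/icon.png",          // reject
        };
        for (String s : samples) {
            System.out.println((isWithinUserBoundary(s, caller) ? "allow  " : "reject ") + s);
        }
    }
}
```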

Added: Dec 8, 2025, 5:29 PM
Updated: Dec 8, 2025, 6:48 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.