Android Notification Policy Desynchronization Vulnerability in Managed Services Component Allowing Local Privilege Escalation

Vulnerability

A vulnerability has been identified in the Android operating system within the ManagedServices.java file. The issue arises in the setPackageOrComponentEnabled function, where improper input validation creates a potential notification policy desynchronization. This vulnerability could lead to local privilege escalation, as it allows a user to gain elevated rights without requiring additional execution privileges or user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized elevation of privileges, allowing a user to gain access to restricted functions or data.

Added: Mar 2, 2026, 7:24 PM

Updated: Mar 2, 2026, 10:12 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Notification Policy Desynchronization Vulnerability in Managed Services Component Allowing Local Privilege Escalation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating