Google Android elevation of privilege vulnerability (CNVD-2025-30722)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code of multiple functions in RoleService.java, which can be exploited by an attacker to gain elevated privileges on the system...

ASB-A-379362792

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGEDEFAULTAPPLICATIONS was not defined with no additional executi...

CVE-2022-20538

Summary: CVE-2022-20538 affects Android 13 in the getSmsRoleHolder path of RoleService.java. A side-channel information disclosure can let an attacker determine if an app is installed without query permissions, enabling local information disclosure with no extra execution privileges and no user i...

PT-2022-14751 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version 13 Description: The issue is related to a side channel information disclosure in the getSmsRoleHolder function of RoleService.java. This could allow an attacker to determine whether an app is installed without requiring query...

PUB-A-235601770

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...