4

CVE-2025-0077

In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version15.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.011
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 4 2.5 1.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-1223 Race Condition for Write-Once Attributes

A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.

https://source.android.com/security/bulletin/2025-05-01
Vendor Advisory
https://android.googlesource.com/platform/frameworks/base/+/a09b6451c99f8aa99c49a0e584e12be455c414f4
Patch
Product
https://android.googlesource.com/platform/frameworks/base/+/37a4df78c7e1b91066b341b05fb767f27c5da835
Patch
Product
https://android.googlesource.com/platform/frameworks/base/+/3b04c948727c35e6ad429eefc6aaa9c261addf12
Patch
Product
https://android.googlesource.com/platform/frameworks/base/+/5f59ac63cb7042d58dae196e890ec52424ebe8b5
Patch
Product
https://android.googlesource.com/platform/frameworks/base/+/8c290a4d87c27a4ad65757e97ff9e634d9fe865e
Patch
Product
https://android.googlesource.com/platform/frameworks/base/+/c059123b8e9c0920a30f896513116a8b88bfc4e1
Patch
Product