CVE-2025-26429
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 | |
| android | 15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service (DoS) issue in the Android platform's AppOpsService, specifically in the binder call IAppOpsService#getPackagesForOpsForDevice. A malicious app can exploit this by using an excessive number of attribution tags across many operations, causing the resulting PackageOps object to become too large. This oversized object can exceed the binder transaction size limit, leading to a local DoS condition without needing any special privileges or user interaction. [1]
How can this vulnerability impact me? :
The vulnerability can cause a local denial-of-service (DoS) condition on an affected Android device. This means that certain system services related to app operations may become unresponsive or fail due to the oversized PackageOps object, potentially disrupting normal device functionality. No additional execution privileges or user interaction are required for exploitation, so a malicious app could cause this impact silently. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for denial-of-service conditions related to the AppOpsService binder calls, specifically IAppOpsService#getPackagesForOpsForDevice. Detection involves checking for exceptions or failures caused by oversized PackageOps objects due to excessive attribution tags. While no specific commands are provided, monitoring Android system logs for binder transaction size limit exceptions or unusual behavior in AppOpsService may help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the patch that introduces a threshold limit on the number of attributed operation entries returned in a single binder call, preventing the PackageOps object from exceeding the binder transaction size limit. Ensuring your Android platform is updated with this fix will mitigate the risk of denial-of-service attacks from malicious applications exploiting this vulnerability. [1]