CVE-2025-26444

Name of the Vulnerable Software and Affected Versions Android (affected versions not specified)

Description A flaw exists in the VoiceInteractionManagerService.java component within the Android operating system. Specifically, a logic error in the onHandleForceStop function can cause the system to revert to the default assistant application when a user-selected assistant is forcibly stopped. This can lead to a local escalation of privilege, granting the default assistant app the ROLE ASSISTANT permission without requiring additional execution privileges. Exploitation does not require user interaction. The vulnerability is related to a buffer copy operation without proper input size validation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.