PT-2025-31495 · Unknown · Tvsettings
Qidan He
·
Published
2025-07-31
·
Updated
2025-07-31
·
CVE-2025-8192
CVSS v4.0
6.9
Medium
| Vector | AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
TvSettings (affected versions not specified)
Description
A TOCTOU race condition exists in
AppRestrictionsFragment.java that allows an attacker to start a malicious activity within the Settings application's system-uid context, leading to the potential for launching any application. This occurs because of a time window between the verification of an Intent and its subsequent use, enabling manipulation of the target component's state and bypassing the original security checks.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tvsettings