Race condition in AndroidTV TvSettings

July 31, 2025 invoker category_cve

CVE Details

Basic Information

Title Race condition in AndroidTV TvSettings
Type cve
Published 2025-07-31T08:24:26.612Z
Modified 2025-07-31T08:24:26.612Z

Product Information

Vendor Android
Product TV
Version 0

CVSS Information

Base Score 6.9 (MEDIUM)
Attack Vector CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N

Affected Products

  • Android TV 0

Additional Information

CWE List CWE-367
Source Google

Description

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.