Description
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Problem types
Elevation of privilege
Product status
15
References
android.googlesource.com/...c99f8aa99c49a0e584e12be455c414f4
android.googlesource.com/...c7e1b91066b341b05fb767f27c5da835
android.googlesource.com/...727c35e6ad429eefc6aaa9c261addf12
android.googlesource.com/...cb7042d58dae196e890ec52424ebe8b5
android.googlesource.com/...87c27a4ad65757e97ff9e634d9fe865e
android.googlesource.com/...8e9c0920a30f896513116a8b88bfc4e1
source.android.com/security/bulletin/2025-05-01
