Description
In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Problem types
Elevation of privilege
Product status
15
14
13
References
android.googlesource.com/...2a9e1253828bf4cfdf5395948f2e78c6
android.googlesource.com/...8d9b817823d8d8d505cc382d3b334f34
source.android.com/security/bulletin/2025-04-01
