Logic Error in MainClear.java Allows Unauthorized Factory Reset in Android Devices
CVE-2024-49736

7.8HIGH

Key Information:

Vendor
Google
Status
Android
Vendor
CVE Published:
21 January 2025

Summary

A logic error in the MainClear.java file of Android's codebase allows for a factory reset to be triggered without explicit user consent. This vulnerability leverages a flaw that can lead to a local denial of service, as it does not require additional execution privileges nor user interaction to exploit. The issue underscores the importance of securing user consent in system-level functions to prevent unauthorized actions that can disrupt device usability.

Affected Version(s)

Android 14

Android 13

Android 12L

References

https://source.android.com/security/bulletin/2025-01-01

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.