CVE-2025-48538

GHSA-2qmf-q38x-5h24

In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

BDU:2025-11684

Уязвимость функции setApplicationHiddenSettingAsUser() модуля PackageManagerService.java операционных систем Android, позволяющая нарушителю вызвать отказ в обслуживании