Android MmsProvider Deletes Files, Crashes Telephony Services

Summary

A bug in Android's MmsProvider can allow an attacker to delete files, disrupting SMS and MMS services. This is a problem because it could cause service outages, affecting users' ability to send and receive messages. To mitigate this, apply the latest security patch from your Android provider.

What to do

Update google platform/packages/providers/telephonyprovider to version 16-qpr2-next:2026-03-01.
Update google platform/packages/providers/telephonyprovider to version 15:2026-03-01.
Update google platform/packages/providers/telephonyprovider to version 16:2026-03-01.
Update google platform/packages/providers/telephonyprovider to version 14:2026-03-01.

Affected software

Vendor	Product	Affected versions	Fix available
google	android	14.0	–
google	android	15.0	–
google	android	16.0	–
google	platform/packages/providers/telephonyprovider	> 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01	16-qpr2-next:2026-03-01
google	platform/packages/providers/telephonyprovider	> 15:0 , <= 15:2026-03-01	15:2026-03-01
google	platform/packages/providers/telephonyprovider	> 16:0 , <= 16:2026-03-01	16:2026-03-01
google	platform/packages/providers/telephonyprovider	> 14:0 , <= 14:2026-03-01	14:2026-03-01

Original title

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to...

Original description

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

nvd CVSS3.1 9.1

Vulnerability type

CWE-400 Uncontrolled Resource Consumption