Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
6.2

Android AppOpsService can be crashed by invalid input

CVE-2026-0014 ASB-A-443742082
Summary

A flaw in Android's AppOpsService can be exploited by sending it bad data, which can cause it to crash. This can happen without any action from the user. To stay safe, ensure you have the latest Android updates installed.

What to do
  • Update google platform/frameworks/base to version 16-qpr2-next:2026-03-01.
  • Update google platform/frameworks/base to version 15:2026-03-01.
  • Update google platform/frameworks/base to version 16:2026-03-01.
  • Update google platform/frameworks/base to version 16-qpr2:2026-03-01.
  • Update google platform/frameworks/base to version 14:2026-03-01.
Affected software
VendorProductAffected versionsFix available
google android 14.0
google android 15.0
google android 16.0
google android 16.0
google android 16.0
google android 16.0
google platform/frameworks/base > 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01 16-qpr2-next:2026-03-01
google platform/frameworks/base > 15:0 , <= 15:2026-03-01 15:2026-03-01
google platform/frameworks/base > 16:0 , <= 16:2026-03-01 16:2026-03-01
google platform/frameworks/base > 16-qpr2:0 , <= 16-qpr2:2026-03-01 16-qpr2:2026-03-01
google platform/frameworks/base > 14:0 , <= 14:2026-03-01 14:2026-03-01
Original title
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional exec...
Original description
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1 6.2
Vulnerability type
CWE-20 Improper Input Validation
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026