How CVE-2025-20665 Works
CVE-2025-20665 is an information disclosure vulnerability in Android’s `devinfo` component caused by a missing SELinux policy. The flaw allows unauthorized access to device identifiers without elevated privileges or user interaction. Because the policy is not properly enforced, an attacker can query the vulnerable component directly and bypass SELinux restrictions. The exposed data includes hardware-specific identifiers that could be used for tracking or further attacks. MediaTek patched this in ALPS09555228 by implementing proper SELinux domain isolation for devinfo.
DailyCVE Form
Platform: Android
Version: MediaTek chipsets
Vulnerability: Information disclosure
Severity: Medium
Date: 05/06/2025
What Undercode Says:
Exploitation:
adb shell cat /sys/devinfo/[bash]
Detection:
adb shell ls -Z /sys/devinfo | grep unlabeled
Mitigation:
1. Apply MediaTek patch ALPS09555228
2. Custom SELinux policy:
type devinfo_device, dev_type, fs_type;
type_transition init devinfo_device:file devinfo_data_file;
Verification:
adb shell getenforce
adb shell dmesg | grep avc
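The AVC check from the Verification step, expanded into an added example (not from the original page): it reads saved `dmesg` output and reports, for each denial involving devinfo, whether the access was blocked (`permissive=0`) or only logged (`permissive=1`). The function names and the sample log lines are constructed for illustration; `devinfo_device` and `hw_id` are the names used elsewhere on this page.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials that involve devinfo.
# Usage on real data:  adb shell dmesg | devinfo_avc_summary
# Output, one line per denial:  <verdict> <perms> <scontext> -> <tcontext>
#   enforced    = permissive=0, the access was blocked
#   logged-only = permissive=1, the access was still allowed
devinfo_avc_summary() {
    awk '
    /avc: +denied/ && /devinfo/ {
        perms = ""; s = ""; t = ""; p = ""
        # Permission list sits between the first pair of braces.
        a = index($0, "{"); b = index($0, "}")
        if (a && b > a) {
            perms = substr($0, a + 1, b - a - 1)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)   s = substr($i, 10)
            if ($i ~ /^tcontext=/)   t = substr($i, 10)
            if ($i ~ /^permissive=/) p = substr($i, 12)
        }
        if (p == "0")      verdict = "enforced"
        else if (p == "1") verdict = "logged-only"
        else               verdict = "unknown"
        print verdict, perms, s, "->", t
    }'
}

# Constructed sample kernel log lines (not captured from a real device).
sample_log() {
    cat <<'EOF'
[  101.200000] type=1400 audit(1746500000.100:41): avc:  denied  { read open } for  pid=4321 comm="cat" name="hw_id" dev="sysfs" ino=30211 scontext=u:r:shell:s0 tcontext=u:object_r:devinfo_device:s0 tclass=file permissive=0
[  140.900000] type=1400 audit(1746500039.800:57): avc:  denied  { read } for  pid=4410 comm="cat" path="/sys/devinfo/hw_id" dev="sysfs" ino=30211 scontext=u:r:untrusted_app:s0:c88,c256,c512,c768 tcontext=u:object_r:devinfo_device:s0 tclass=file permissive=1
[  150.000000] type=1400 audit(1746500048.900:60): avc:  denied  { write } for  pid=500 comm="logd" name="foo" dev="tmpfs" ino=1 scontext=u:r:logd:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=0
EOF
}
```

A `logged-only` line means the denial was recorded but not enforced, so the node was still readable by that domain at the time.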
Impact Analysis:
- Exposed identifiers: IMEI, serial_no
- Attack surface: Local only
Debugging:
adb logcat | grep devinfo
audit2allow -i avc.log
Temporary Workaround:
adb shell chmod 600 /sys/devinfo/
adb shell setenforce 1
References:
- MTK Security Bulletin MSV-2760
- AOSP SELinux policy guidelines
- CVE-2025-20665 NVD entry
Vulnerable Code Pattern:
fd = open("/sys/devinfo/hw_id", O_RDONLY);
read(fd, buf, sizeof(buf)); // No SELinux check
Patched Code:
enforce_security_context("/sys/devinfo");
Sources:
Reported By: nvd.nist.gov