This vulnerability in Android 17 involves the tryStartActivity function within NfcDispatcher.java, where an insecure default setting can lead to automatic granting of special app access permissions. This flaw allows a local attacker to escalate privileges without needing further execution rights or user interaction. The CVSS 4.0 base score is 10.0, indicating critical severity with network attack vector, low attack complexity, no privileges required, no user interaction, and high impacts on confidentiality, integrity, availability, and security requirements. No official patch or remediation guidance has been published yet.

A local attacker can gain elevated privileges on an affected Android 17 device without requiring additional execution privileges or user interaction. This could compromise device confidentiality, integrity, and availability due to the automatic assignment of special app access permissions.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with NFC-related app permissions and avoid installing untrusted applications that might exploit this vulnerability.