CVE-2024-0044

Published Mar 11, 2024

Last updated 4 months ago

Overview

Description: In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: security@android.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-75

Hype score: Not currently trending

CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13https://github.com/pl4int3xt/cve_2024_0044
@SNOWDEN69200694
Oct 27, 2024 10:19 PM
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References