ASB-A-313428840 — Vulnetix

ASB-A-313428840 PUBLISHED

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/base	14-next:0, 14-next, 12:0

Timeline

Jun 1, 2024 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2024-06-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/b68b257d56a8600d53b4d2d06fb82aa44086a4a5 patch

Open in Interactive Console →