VDB
CISA-2024-0035
CISA-2024-0035
PUBLISHED
CVSS 7.4 HIGH
Reported by google_android · Published February 16, 2024
In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 3.1
7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 14, 13, 12L | |
| android | 12.0, 12.0l, 14.0 | |
| Android | 14, 13, 12L |
Timeline
- Feb 16, 2024 CVE Published
- Aug 28, 2024 CVE Updated