VDB

CISA-2024-34723

CISA-2024-34723 PUBLISHED CVSS 5.3 MEDIUM

Reported by google_android · Published July 9, 2024

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products

VendorProductVersions
GoogleAndroid14, 13, 12L
GoogleAndroid12, 14, 13
googleandroid12, 12L, 14

Timeline

  • Jul 9, 2024 CVE Published
  • Aug 2, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›