VDB

CISA-2024-34739

CISA-2024-34739 PUBLISHED CVSS 7.8 HIGH

Reported by google_android · Published August 15, 2024

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
GoogleAndroid14, 13
googleandroid12l, 12.0, 13.0
GoogleAndroid14, 13, 14

Timeline

  • Aug 15, 2024 CVE Published
  • Sep 11, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›