CVE-2024-31316

CVSS 7.8 HIGHEPSS 0.1%

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Google · Android

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://android.googlesource.com/platform/frameworks/base/+/3457d82f8e265ad615b38f6a2aa3c33f1e100cb9 https://source.android.com/security/bulletin/2024-06-01