Description

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related CPE's

o

google

android

2

References

https://android.googlesource.com/platform/frameworks/base/+/9722ce9d733edab76163fbcd21b231424e3d7061

Mailing ListPatch

https://android.googlesource.com/platform/frameworks/base/+/df49e0e3083b0707e2cca5a5956b49f14ded078e

Mailing ListPatch

https://source.android.com/security/bulletin/2024-07-01

PatchVendor Advisory

https://android.googlesource.com/platform/frameworks/base/+/9722ce9d733edab76163fbcd21b231424e3d7061

Mailing ListPatch

https://android.googlesource.com/platform/frameworks/base/+/df49e0e3083b0707e2cca5a5956b49f14ded078e

Mailing ListPatch

https://source.android.com/security/bulletin/2024-07-01

PatchVendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-269CWE-284

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-07-09T19:15:13.373Z

1 year ago

Last modified

2024-12-17T18:07:28.027Z

1 year ago