CVE-2024-0048

EPSS 0.02%
Published 11.03.2024 17:15:45
Last modified 16.12.2024 19:47:07
Source security@android.com
Teams watchlist Login
Open Login

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Android Version12.0

Google ≫ Android Version12.1

Google ≫ Android Version13.0

Google ≫ Android Version14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.036

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-230 Improper Handling of Missing Values

The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

https://source.android.com/security/bulletin/2024-03-01

Patch

Vendor Advisory

https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede

Patch

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-0048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0048

EUVD