7.7
CVE-2024-34731
- EPSS 0.11%
- Veröffentlicht 15.08.2024 22:15:06
- Zuletzt bearbeitet 17.12.2024 18:12:43
- Quelle security@android.com
- CVE-Watchlists
- Unerledigt
In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.014 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.7 | 2.5 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CWE-368 Context Switching Race Condition
A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch.
https://source.android.com/security/bulletin/2024-08-01
https://android.googlesource.com/platform/frameworks/av/+/4b68b00993849b6a7f0e6d075bc2c8bb2e184e61
https://android.googlesource.com/platform/hardware/interfaces/+/0ff19d1f89614fce9454fb415bcbfcbcf3caf76e
https://android.googlesource.com/platform/hardware/interfaces/+/d63d09261806f7f1aa01406867f2a9e169356fca
https://android.googlesource.com/platform/system/nfc/+/1037992b9abcde1e3560bd895f62644a68563b3d
https://android.googlesource.com/platform/system/security/+/d3805312d73433e34ef69a645b553a2969c5dc93