In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Configurations
History
21 Nov 2024, 21:26
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | NVD-CWE-noinfo | |
References | () https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1 - Patch | |
References | () https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17 - Patch | |
References | () https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb - Patch | |
References | () https://source.android.com/security/bulletin/2024-03-01 - Patch, Vendor Advisory | |
First Time |
Google
Google android |
11 Mar 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-11 17:15
Updated : 2024-11-21 21:26
NVD link : CVE-2024-0047
Mitre link : CVE-2024-0047
CVE.ORG link : CVE-2024-0047
JSON object : View
Products Affected
- android
CWE