CVE-2024-34637

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:12.0:smr_sep-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*

History

05 Sep 2024, 18:05

Type Values Removed Values Added
CWE NVD-CWE-Other
CPE cpe:2.3:o:samsung:android:12.0:smr_sep-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*
First Time Samsung
Samsung android
CVSS v2 : unknown
v3 : 6.2
v2 : unknown
v3 : 5.5
References () https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09 - () https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09 - Vendor Advisory

04 Sep 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) El control de acceso inadecuado en WindowManagerService antes de SMR Sep-2024 Release 1 en Android 12, y SMR Jun-2024 Release 1 en Android 13 y Android 14 permite a atacantes locales eludir las restricciones al inicio de servicios desde segundo plano.

04 Sep 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 06:15

Updated : 2024-09-05 18:05


NVD link : CVE-2024-34637

Mitre link : CVE-2024-34637

CVE.ORG link : CVE-2024-34637


JSON object : View

Products Affected

samsung

  • android