exploitDog

CVE-2024-40659

Опубликовано: 11 сент. 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Ссылки

https://android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/c65dce4c6d8d54e47dce79a56e29e2223a2354e6
Mailing List
Patch
https://source.android.com/security/bulletin/2024-09-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00037

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-120

Связанные уязвимости

GHSA-g3p7-6jrm-6c7q

CVSS3: 5.5

github

больше 1 года назад

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS

Процентиль: 11%

0.00037

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-120