CVE-2024-0041

Sažetak

In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.

Reference

https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26
https://source.android.com/security/bulletin/2024-02-01
https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26
https://source.android.com/security/bulletin/2024-02-01

CVSS

Base:	7.0
Impact:	5.9
Exploitability:	1.0

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

28-03-2025 - 16:15

Objavljeno

16-02-2024 - 02:15