CVE-2024-0048
HIGHDescription
In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| android | |
| android | |
| android | |
| android |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-0048? +
How severe is CVE-2024-0048? +
What products are affected by CVE-2024-0048? +
How do I check if I'm vulnerable to CVE-2024-0048? +
Related Vulnerabilities
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account …
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions …
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection …
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection …
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server …
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an …