CVE-2024-40672

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS

No CVSS.

References

Link	Resource
https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727	Product
https://source.android.com/security/bulletin/2024-10-01	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:12.1:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*

History

18 Apr 2025, 02:14

Type	Values Removed	Values Added
First Time		Google android Google
CPE		cpe:2.3:o:google:android:12.1:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:14.0:::::::*
References	~~() https://source.android.com/security/bulletin/2024-10-01 -~~	() https://source.android.com/security/bulletin/2024-10-01 - Vendor Advisory
References	~~() https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727 -~~	() https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727 - Product

28 Jan 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-28 20:15

Updated : 2025-04-18 02:14

NVD link : CVE-2024-40672

Mitre link : CVE-2024-40672

JSON object : View

Products Affected

google

android

CWE

No CWE.

JSON object

Attach tags to CVE-2024-40672

Attach tags to `CVE-2024-40672`