CVE-2024-31320
Description
In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE
- CWE-269 — CWE-269 Improper Privilege Management
- CWE-284 — CWE-284 Improper Access Control
Affected
- Google / Android — v=12L [affected]; v=12 [affected]
CVSS
- (none)
References
- https://android.googlesource.com/platform/frameworks/base/+/9722ce9d733edab76163fbcd21b231424e3d7061
- https://android.googlesource.com/platform/frameworks/base/+/df49e0e3083b0707e2cca5a5956b49f14ded078e
- https://source.android.com/security/bulletin/2024-07-01
Source
cvelistV5-main/cves/2024/31xxx/CVE-2024-31320.json