CVE-2024-0044

Public Exploit

Description

In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Link	Tags
https://android.googlesource.com/platform/frameworks/base/+/954b2874b85b6cd0d6bb12cd677cdf22e5dbd77b
https://android.googlesource.com/platform/frameworks/base/+/836750619a8bce0bf78fe0549f9990e294671563
https://source.android.com/security/bulletin/2024-10-01
https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792	mailing list patch
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2	third party advisory
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html	exploit third party advisory
https://source.android.com/security/bulletin/2024-03-01	not applicable

Frequently Asked Questions

What is the severity of CVE-2024-0044?: CVE-2024-0044 has been scored as a medium severity vulnerability.
How to fix CVE-2024-0044?: To fix CVE-2024-0044, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-0044 being actively exploited in the wild?: It is possible that CVE-2024-0044 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~5% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-0044?: CVE-2024-0044 affects Google Android.

Description

Categories

CWE-74 – Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-75 – Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

References

Frequently Asked Questions