Back

CVE-2024-0022

May 7, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Android

  • UNKNOWN

Source

security@android.com

Tags

2024-05-07
CVE-2024-0022
security@android.com

CVE-2024-0022 details

Published : May 7, 2024, 9:15 p.m.
Last Modified : May 7, 2024, 9:15 p.m.

Description

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://android.googlesource.com/platform/frameworks/base/+/bdf1cce569c9700965ff6baee8efd3fb1e8269e8 security@android.com
https://source.android.com/security/bulletin/2024-04-01 security@android.com
This website uses the NVD API, but is not approved or certified by it.