Vulnerability Details CVE-2024-0041
In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.9%
CVSS Severity
CVSS v3 Score 7.0
References
- https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26
- https://source.android.com/security/bulletin/2024-02-01
- https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26
- https://source.android.com/security/bulletin/2024-02-01