CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-31317

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.4%

CVSS Severity

CVSS v3 Score 7.8

References

https://android.googlesource.com/platform/frameworks/base/+/e25a0e394bbfd6143a557e1019bb7ad992d11985
https://source.android.com/security/bulletin/2024-06-01
https://android.googlesource.com/platform/frameworks/base/+/e25a0e394bbfd6143a557e1019bb7ad992d11985
https://source.android.com/security/bulletin/2024-06-01

Products affected by CVE-2024-31317

Google » Android » Version: 12.0

cpe:2.3:o:google:android:12.0
Google » Android » Version: 12.1

cpe:2.3:o:google:android:12.1
Google » Android » Version: 13.0

cpe:2.3:o:google:android:13.0
Google » Android » Version: 14.0

cpe:2.3:o:google:android:14.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-31317

Products

Pricing

Contact Us