CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-40660

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.8%

CVSS Severity

CVSS v3 Score 7.8

References

https://android.googlesource.com/platform/frameworks/native/+/064ce6e3235b6318be1e41f1bac9595a98e4aafa
https://android.googlesource.com/platform/frameworks/native/+/b6ddf525be3c2abbde59ae1533494b18a7961087
https://source.android.com/security/bulletin/2024-11-01

Products affected by CVE-2024-40660

Google » Android » Version: 14.0

cpe:2.3:o:google:android:14.0
Google » Android » Version: 15.0

cpe:2.3:o:google:android:15.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-40660

Products

Pricing

Contact Us