CVE-2024-20080Improper Certificate Validation in Google Android

CWE-295Improper Certificate Validation3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.4%
top 15.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google AndroidLinuxfoundation YoctoRdkcentral Rdk-b
Timeline
PublishedJul 1

Description

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDgoogle/android13.0, 14.0+1
NVDrdkcentral/rdk-b2022q3
NVDlinuxfoundation/yocto2.6, 3.3, 4.0+2

🔴Vulnerability Details

2
CVEList
CVE-2024-20080: In gnss service, there is a possible escalation of privilege due to improper certificate validation2024-07-01
GHSA
GHSA-4mf5-3rxx-7p8f: In gnss service, there is a possible escalation of privilege due to improper certificate validation2024-07-01
CVE-2024-20080 — Improper Certificate Validation | cvebase