CVE-2024-32896: there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2024-07-04

Exploited in the wild

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
platform	build_soong	>= 14-next:0 < 14-next:2024-06-05	14-next:2024-06-05
platform	build_soong	>= 15-next:0 < 15-next:2024-09-01	15-next:2024-09-01
platform	frameworks_base	>= 12:0 < 12:2024-09-01	12:2024-09-01
platform	frameworks_base	>= 12L:0 < 12L:2024-09-01	12L:2024-09-01
platform	frameworks_base	>= 13:0 < 13:2024-09-01	13:2024-09-01
platform	frameworks_base	>= 14-next:0 < 14-next:2024-06-05	14-next:2024-06-05
platform	frameworks_base	>= 14:0 < 14:2024-06-05	14:2024-06-05
platform	frameworks_base	>= 14:0 < 14:2024-09-01	14:2024-09-01
platform	frameworks_base	>= 15-next:0 < 15-next:2024-09-01	15-next:2024-09-01
platform	hardware_interfaces	>= 14-next:0 < 14-next:2024-06-05	14-next:2024-06-05
platform	hardware_interfaces	>= 15-next:0 < 15-next:2024-09-01	15-next:2024-09-01
platform	system_sepolicy	>= 12:0 < 12:2024-09-01	12:2024-09-01
platform	system_sepolicy	>= 12L:0 < 12L:2024-09-01	12L:2024-09-01
platform	system_sepolicy	>= 13:0 < 13:2024-09-01	13:2024-09-01
platform	system_sepolicy	>= 14-next:0 < 14-next:2024-06-05	14-next:2024-06-05
platform	system_sepolicy	>= 14:0 < 14:2024-06-05	14:2024-06-05
platform	system_sepolicy	>= 14:0 < 14:2024-09-01	14:2024-09-01
platform	system_sepolicy	>= 15-next:0 < 15-next:2024-09-01	15-next:2024-09-01

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

vulncheck7.8HIGH

cisa7.8HIGH