CVE-2024-40653
Published: 2025-09-02
Severity: High (CVSS 3.1 base score 7.3)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | packages_services_telecomm | >= 13:0 < 13:2025-04-01 | 13:2025-04-01 |
| platform | packages_services_telecomm | >= 14:0 < 14:2025-04-01 | 14:2025-04-01 |
| platform | packages_services_telecomm | >= 15-next:0 < 15-next:2025-04-01 | 15-next:2025-04-01 |
| platform | packages_services_telecomm | >= 15:0 < 15:2025-04-01 | 15:2025-04-01 |
Android
CVE-2024-40653: Android Security Bulletin 2025-04-01
CVE: CVE-2024-40653
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15
References: A-293458004
vendor_android·2025-04-01·CVSS 7.3
GHSA
GHSA-54rj-pgcv-9wq8: In multiple functions of ConnectionServiceWrapper
ghsa_unreviewed·2025-09-03
OSV
CVE-2024-40653: In multiple functions of ConnectionServiceWrapper
osv·2025-04-01
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://android.googlesource.com/platform/packages/services/Telecomm/+/12016109c473d8d880333556726b1dcbce041e41
https://android.googlesource.com/platform/packages/services/Telecomm/+/9211d16c49de08a87e2e09380f6076ffd5196987
https://android.googlesource.com/platform/packages/services/Telecomm/+/c6e005381b8f0b80f2a1e0ea6e8093e990e1790e
https://source.android.com/security/bulletin/2025-04-01
Published: 2025-09-02