CVE-2024-0032

EUVD-2024-15835
In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
6.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
googleandroid
11.0
googleandroid
12.0
googleandroid
12.1
googleandroid
13.0
googleandroid
14.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://android.googlesource.com/platform/frameworks/base/+/a6321142ea43053ea8d0db516eede4c35c5dab18
https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/b2cc552f8e1ed982e6662f64baa2cdbf1acaf777
https://source.android.com/security/bulletin/2025-03-01
https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7
https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394
https://source.android.com/security/bulletin/2024-02-01