CVE-2024-34637

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SamsungMobileCNA
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
samsungandroid
12.0
samsungandroid
12.0:smr_sep-2024-r1
samsungandroid
13.0
samsungandroid
13.0:smr-jun-2024-r1
samsungandroid
14.0
samsungandroid
14.0:smr-jun-2024-r1
𝑥
= Vulnerable software versions
References
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09