CVE-2024-0035

Cyber Sec — Sat, 25 May 2024 06:14:58 +0000

Description

In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

MISC:https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4
URL:https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4
MISC:https://source.android.com/security/bulletin/2024-02-01
URL:https://source.android.com/security/bulletin/2024-02-01

CVE-2024-0035 - Common Vulnerabilities and Exposures

CVE-2024-0035