Possible Local Escalation of Privilege Vulnerability in DreamService.java

CVE-2024-0015

Currently unrated 🤨

Key Information

Vendor: Google
Status: Android
Vendor: CVE Published:; 16 February 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Affected Version(s)

Android = 13

Android = 12L

Android = 12

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0015
Created by UmVfX1BvaW50

Timeline

👾
Exploit exists.
Aug 29, 2024
Vulnerability published.
Feb 16, 2024
Vulnerability Reserved.
Nov 16, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)