Improper Access Control in ActivityManager Leads to Privileged Behaviors
CVE-2024-34662

7.8HIGH

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 8 October 2024

Summary

A vulnerability exists in the ActivityManager of the Android operating system, specifically affecting certain versions of Android 12, 13, and 14. This flaw allows local attackers to bypass security measures and execute privileged behaviors, potentially compromising the integrity of the device. The issue is present in versions prior to the SMR Oct-2024 Release 1 for Android 12 and 13, and SMR Sep-2024 Release 1 for Android 14. Users are advised to update their devices to mitigate potential risks arising from this vulnerability.

Affected Version(s)

Samsung Mobile Devices SMR Oct-2024 Release in SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
May 7, 2024