Possible Memory Corruption in TranscodingResourcePolicy.cpp Leads to Local Escalation of Privilege
CVE-2024-34731

7HIGH

Key Information:

Vendor
Google
Status
Android
Vendor
CVE Published:
15 August 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The vulnerability in the TranscodingResourcePolicy.cpp file stems from a race condition that may lead to memory corruption. This flaw permits a local escalation of privilege, allowing an attacker to gain access to restricted functionalities without requiring additional execution privileges. Notably, user interaction is not necessary for the exploitation, making it a critical concern for security on affected Android products. System integrity may be compromised, emphasizing the need for immediate attention and remediation to protect user data and system resources.

Affected Version(s)

Android 14

Android 13

Android 12L

News Articles

favicon imageantihackingonline.com

Application Development | Cyber security technical information

Preface: Android frameworks deliver an environment where you already have access to libraries, best practices, and extensive help documentation. As a matter of fact, there are well over ten android...

1 week ago

References

https://android.googlesource.com/platform/hardware/interf...
https://android.googlesource.com/platform/frameworks/av/+...
https://android.googlesource.com/platform/hardware/interf...

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by antihackingonline.com

  • Vulnerability published

  • Vulnerability Reserved

.