Local Privilege Escalation Vulnerability in Android Companion Device Manager
CVE-2024-49732

7.8HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability exists within the Companion Device Manager that allows for unauthorized granting of permissions due to insufficient checks in multiple functions of CompanionDeviceManagerService.java. This oversight could facilitate local privilege escalation without requiring any user interaction, posing a significant security risk to users. Malicious entities could exploit this flaw to gain elevated access to system functionalities, potentially compromising user data and system integrity.

Affected Version(s)

Android 15

References

https://source.android.com/security/bulletin/2025-01-01

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025