In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
Configurations
Configuration 1 (hide)
|
History
14 Nov 2024, 21:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed - Patch | |
References | () https://source.android.com/security/bulletin/2024-11-01 - Vendor Advisory | |
CPE | cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* |
|
Summary |
|
|
First Time |
Google android
|
|
CWE | NVD-CWE-noinfo |
13 Nov 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
13 Nov 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-13 18:15
Updated : 2024-11-14 21:42
NVD link : CVE-2024-43093
Mitre link : CVE-2024-43093
CVE.ORG link : CVE-2024-43093
JSON object : View
Products Affected
- android
CWE