CVE-2024-0047
First published: Mon Mar 04 2024(Updated: )
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| =14.0 |
Remedy
https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1
Remedy
https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17
Remedy
https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1
- https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17
- https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb
- https://source.android.com/security/bulletin/2024-03-01
- https://source.android.com/docs/security/bulletin/2024-03-01 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-0047?
CVE-2024-0047 has a severity rating that suggests it could lead to a local denial of service.
How do I fix CVE-2024-0047?
To fix CVE-2024-0047, ensure that the affected Android device is updated to a version that addresses this vulnerability.
What does CVE-2024-0047 affect?
CVE-2024-0047 affects Android version 14.0 and its associated device policies.
Can CVE-2024-0047 be exploited remotely?
CVE-2024-0047 cannot be exploited remotely as it requires local conditions to trigger the denial of service.
What causes CVE-2024-0047?
CVE-2024-0047 is caused by a logic error in the code that serializes device policies in UserManagerService.java.
- agent/type
- agent/description
- agent/references
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/google
- canonical/android
- version/android/14.0