CVE-2024-31320
First published: Mon Jul 01 2024(Updated: )
In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Google Android | =12.0 | |
| Google Android | =12.1 |
Remedy
https://android.googlesource.com/platform/frameworks/base/+/9722ce9d733edab76163fbcd21b231424e3d7061
Remedy
https://android.googlesource.com/platform/frameworks/base/+/df49e0e3083b0707e2cca5a5956b49f14ded078e
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://android.googlesource.com/platform/frameworks/base/+/9722ce9d733edab76163fbcd21b231424e3d7061
- https://android.googlesource.com/platform/frameworks/base/+/df49e0e3083b0707e2cca5a5956b49f14ded078e
- https://source.android.com/security/bulletin/2024-07-01
- https://source.android.com/docs/security/bulletin/2024-07-01 (Advisory)
- https://www.theregister.com/2024/07/10/july_2024_patch_tuesday/
Frequently Asked Questions
What is the severity of CVE-2024-31320?
CVE-2024-31320 has a critical severity level due to its potential for local escalation of privileges.
How does CVE-2024-31320 affect Android devices?
CVE-2024-31320 allows the establishment of a companion device association without user confirmation on affected Android versions.
Which versions of Android are impacted by CVE-2024-31320?
CVE-2024-31320 affects Google Android versions 12.0 and 12.1.
How do I fix CVE-2024-31320?
To address CVE-2024-31320, ensure that your Android device is updated to the latest security patches provided by Google.
Is user interaction required to exploit CVE-2024-31320?
No, exploitation of CVE-2024-31320 does not require any user interaction.
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- collector/the-register
- source/The Register
- alias/CVE-2024-38080
- alias/CVE-2024-38112
- alias/CVE-2024-35264
- alias/CVE-2024-37985
- alias/CVE-2024-38074
- alias/CVE-2024-38076
- alias/CVE-2024-38077
- alias/CVE-2024-38060
- alias/CVE-2024-38023
- alias/CVE-2024-34123
- alias/CVE-2024-20781
- alias/CVE-2024-20782
- alias/CVE-2024-20783
- alias/CVE-2024-20785
- alias/CVE-2024-34139
- alias/CVE-2024-34140
- alias/CVE-2024-26006
- alias/CVE-2024-26015
- alias/CVE-2024-6151
- alias/CVE-2024-6286
- alias/CVE-2024-31320
- agent/references
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/google
- canonical/google android
- version/google android/12.0
- version/google android/12.1