CVE-2024-23708

HIGH

NotificationManagerService - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23708. PoCs published by uthrasri.

AI-analyzed exploit summary: This repository contains test cases and related code for CVE-2024-23708, focusing on the AlertRateLimiter and BadgeExtractor components in Android's notification system. The code demonstrates the vulnerability through unit tests but does not include a functional exploit.

Description

In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

nomisec WRITEUP
by uthrasri · poc
https://github.com/uthrasri/CVE-2024-23708

Classification Writeup 90%
Attack Type Other
Complexity Moderate
Reliability Theoretical
Target: Android Open Source Project (AOSP) notification system
No auth needed
Prerequisites: Access to Android notification system components
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 7.8
EPSS 0.0034
EPSS Percentile 25.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-451
Status published
Products (4)
google/android 12.0
google/android 12.1
google/android 13.0
google/android 14.0
Published May 07, 2024
Tracked Since Feb 18, 2026