CVE-2024-31323

HIGH

Android - Privilege Escalation

Title source: llm

Description

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References (2)

[Mailing List, Patch] https://android.googlesource.com/platform/packages/modules/HealthFitness/+/c4e13d15e8dd1df1bd827117d1a74c187ed2b3c2

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2024-06-01

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269 CWE-1021

Status published

Products (1)

google/android 14.0

Published Jul 09, 2024

Tracked Since Feb 18, 2026