CVE-2024-34739

HIGH

Android - Local Privilege Escalation via UsbProfileGroupSettingsManager Logic Error

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34739. PoCs published by uthrasri.

AI-analyzed exploit summary The repository contains a partial Java source file from Android's USB settings manager, likely intended to illustrate the vulnerable component in CVE-2024-34739. However, it lacks exploit code or detailed analysis of the vulnerability itself.

Description

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Exploits (1)

nomisec WRITEUP
by uthrasri · poc
https://github.com/uthrasri/CVE-2024-34739

The repository contains a partial Java source file from Android's USB settings manager, likely intended to illustrate the vulnerable component in CVE-2024-34739. However, it lacks exploit code or detailed analysis of the vulnerability itself.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Android Open Source Project (AOSP) USB settings manager
No auth needed
Prerequisites: Access to Android system with vulnerable USB settings manager
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-116
Status published
Products (2)
google/android 13.0
google/android 14.0
Published Aug 15, 2024
Tracked Since Feb 18, 2026