CVE-2024-40659

MEDIUM

Android - Local Denial of Service via RemoteProvisioningService getRegistration Input Validation

Title source: llm
STIX 2.1

Description

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Scores

CVSS v3 5.5
EPSS 0.0008
EPSS Percentile 0.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (1)
google/android 14.0
Published Sep 11, 2024
Tracked Since Feb 18, 2026