CVE-2024-48336

HIGH

Magisk App < canary 27007 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-48336. PoCs published by canyie.

AI-analyzed exploit summary This is a working exploit for CVE-2024-48336, a local privilege escalation vulnerability in Magisk app. It leverages unsafe dynamic code loading to execute arbitrary commands with root privileges by impersonating GMS.

Description

The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. User interaction is not needed for exploitation.

Exploits (1)

nomisec WORKING POC 205 stars
by canyie · poc
https://github.com/canyie/MagiskEoP

This is a working exploit for CVE-2024-48336, a local privilege escalation vulnerability in Magisk app. It leverages unsafe dynamic code loading to execute arbitrary commands with root privileges by impersonating GMS.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Magisk Manager v7.0.0 to Canary 27006
No auth needed
Prerequisites: Device without preinstalled GMS or with broken signature verification · Magisk app installed and granted root access
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.4
EPSS 0.0052
EPSS Percentile 39.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-829
Status published
Published Nov 04, 2024
Tracked Since Feb 18, 2026