Lucene search
SamsungMobileCVE-2024-34640HistorySep 04, 2024 - 6:15 a.m.
CVE-2024-34640
2024-09-0406:15:12
SamsungMobile
web.nvd.nist.gov
23
improper access control
bgprotectmanager
local attackers
process expiration
CVSS3
3.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
9.6%
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
Affected configurations
Node
samsungandroidMatch12.0-
ORsamsungandroidMatch12.0smr-apr-2022-r1
ORsamsungandroidMatch12.0smr-apr-2023-r1
ORsamsungandroidMatch12.0smr-aug-2022-r1
ORsamsungandroidMatch12.0smr-dec-2021-r1
ORsamsungandroidMatch12.0smr-dec-2022-r1
ORsamsungandroidMatch12.0smr-feb-2022-r1
ORsamsungandroidMatch12.0smr-feb-2023-r1
ORsamsungandroidMatch12.0smr-jan-2022-r1
ORsamsungandroidMatch12.0smr-jan-2023-r1
ORsamsungandroidMatch12.0smr-jul-2022-r1
ORsamsungandroidMatch12.0smr-jul-2023-r1
ORsamsungandroidMatch12.0smr-jun-2022-r1
ORsamsungandroidMatch12.0smr-jun-2023-r1
ORsamsungandroidMatch12.0smr-mar-2022-r1
ORsamsungandroidMatch12.0smr-mar-2023-r1
ORsamsungandroidMatch12.0smr-may-2022-r1
ORsamsungandroidMatch12.0smr-may-2023-r1
ORsamsungandroidMatch12.0smr-nov-2021-r1
ORsamsungandroidMatch12.0smr-nov-2022-r1
ORsamsungandroidMatch12.0smr-oct-2022-r1
ORsamsungandroidMatch12.0smr-sep-2022-r1
ORsamsungandroidMatch13.0-
ORsamsungandroidMatch13.0smr-apr-2023-r1
ORsamsungandroidMatch13.0smr-dec-2022-r1
ORsamsungandroidMatch13.0smr-feb-2023-r1
ORsamsungandroidMatch13.0smr-jan-2023-r1
ORsamsungandroidMatch13.0smr-jul-2023-r1
ORsamsungandroidMatch13.0smr-jun-2023-r1
ORsamsungandroidMatch13.0smr-mar-2023-r1
ORsamsungandroidMatch13.0smr-may-2023-r1
ORsamsungandroidMatch13.0smr-nov-2022-r1
ORsamsungandroidMatch13.0smr-oct-2022-r1
ORsamsungandroidMatch14.0smr-apr-2024-r1
ORsamsungandroidMatch14.0smr-feb-2024-r1
ORsamsungandroidMatch14.0smr-jan-2024-r1
ORsamsungandroidMatch14.0smr-jul-2024-r1
ORsamsungandroidMatch14.0smr-jun-2024-r1
ORsamsungandroidMatch14.0smr-mar-2024-r1
ORsamsungandroidMatch14.0smr-may-2024-r1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Samsung Mobile",
"product": "Samsung Mobile Devices",
"versions": [
{
"status": "unaffected",
"version": "SMR Sep-2024 Release in Android 12, 13, 14"
}
],
"defaultStatus": "affected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-34640
2024-09-04 05:32:23
cvelist
cvelist
CVE-2024-34640
2024-09-04 05:32:23
nvd
nvd
CVE-2024-34640
2024-09-04 06:15:12
CVSS3
3.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
9.6%
Related for CVE-2024-34640