CVE-2024-0048

2024-03-1100:00:00

ubuntu.com

cve-2024-0048

session

foreground service

null responses

local escalation of privilege

user interaction

unix

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

In Session of AccountManagerService.java, there is a possible method to
retain foreground service privileges due to incorrect handling of null
responses. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchandroid-framework-23< anyUNKNOWN
ubuntu20.04noarchandroid-framework-23< anyUNKNOWN
ubuntu22.04noarchandroid-framework-23< anyUNKNOWN
ubuntu23.10noarchandroid-framework-23< anyUNKNOWN
ubuntu24.04noarchandroid-framework-23< anyUNKNOWN
ubuntu18.04noarchandroid-platform-frameworks-base< anyUNKNOWN
ubuntu20.04noarchandroid-platform-frameworks-base< anyUNKNOWN
ubuntu22.04noarchandroid-platform-frameworks-base< anyUNKNOWN
ubuntu23.10noarchandroid-platform-frameworks-base< anyUNKNOWN
ubuntu24.04noarchandroid-platform-frameworks-base< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	android-framework-23	< any	UNKNOWN
ubuntu	20.04	noarch	android-framework-23	< any	UNKNOWN
ubuntu	22.04	noarch	android-framework-23	< any	UNKNOWN
ubuntu	23.10	noarch	android-framework-23	< any	UNKNOWN
ubuntu	24.04	noarch	android-framework-23	< any	UNKNOWN
ubuntu	18.04	noarch	android-platform-frameworks-base	< any	UNKNOWN
ubuntu	20.04	noarch	android-platform-frameworks-base	< any	UNKNOWN
ubuntu	22.04	noarch	android-platform-frameworks-base	< any	UNKNOWN
ubuntu	23.10	noarch	android-platform-frameworks-base	< any	UNKNOWN
ubuntu	24.04	noarch	android-platform-frameworks-base	< any	UNKNOWN