ASB-A-324321147

Import Source
https://storage.googleapis.com/android-osv/ASB-A-324321147.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-324321147
Aliases
  • A-324321147
  • CVE-2024-32896
Published
2024-09-01T00:00:00Z
Modified
2024-09-05T15:27:10.089292Z
Summary
Device administration API factory reset can be interrupted by an attacker with physical access (long-term fix)
Details

In rebootRecoveryWithCommand of RecoverySystemService.java, there is a possible way to bypass a factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/build/soong

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2024-09-01

Affected versions

Other

15-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/build/soong/+/c8170926f66853d4ff38e48c7af4ab9fdf0ae5ae"
    ],
    "spl": "2024-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2024-09-01

Affected versions

Other

15-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/05b1440e06c84212b4353be7f5cbe97fd1bccafb"
    ],
    "spl": "2024-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2024-09-01

Affected versions

Other

15-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/ea595e8e4f01272c0d2664bf7d7ec3710a697709"
    ],
    "spl": "2024-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/sepolicy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2024-09-01

Affected versions

Other

15-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/sepolicy/+/d157988ec5b5f057894fe7ff785f163291d9d767",
        "https://android.googlesource.com/platform/system/sepolicy/+/ca6c75b9572904b0bd8f9d06c8aff2f85e73e30e"
    ],
    "spl": "2024-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/sepolicy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-09-01

Affected versions

Other

12

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/sepolicy/+/837b024352038cb552b7c2473bf0707345550b78"
    ],
    "spl": "2024-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/sepolicy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-09-01

Affected versions

Other

12L

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/sepolicy/+/844c799e6091c23d1dec8dc1a57b1c5c0f9ff7da"
    ],
    "spl": "2024-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/sepolicy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-09-01

Affected versions

Other

13

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/sepolicy/+/72313f580e19af6fbbe95187881c4771a0f2416b"
    ],
    "spl": "2024-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/sepolicy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-09-01

Affected versions

Other

14

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/sepolicy/+/414d63d9d869912a12c23b19d273bccaa7b077d8"
    ],
    "spl": "2024-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}