CVE-2024-31324

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21	Mailing List Patch
https://source.android.com/security/bulletin/2024-06-01	Patch Vendor Advisory
https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21	Mailing List Patch
https://source.android.com/security/bulletin/2024-06-01	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:12.1:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*

History

17 Dec 2024, 19:04

Type	Values Removed	Values Added
References	~~() https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21 -~~	() https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21 - Mailing List, Patch
References	~~() https://source.android.com/security/bulletin/2024-06-01 -~~	() https://source.android.com/security/bulletin/2024-06-01 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 7.3
First Time		Google android Google
CPE		cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:o:google:android:14.0:::::::* cpe:2.3:o:google:android:12.1:::::::* cpe:2.3:o:google:android:12.0:::::::*
CWE		CWE-1021

Information

Published : 2024-07-09 21:15

Updated : 2025-03-15 16:15

NVD link : CVE-2024-31324

Mitre link : CVE-2024-31324

CVE.ORG link : CVE-2024-31324

JSON object : View

Products Affected

google

android

CWE

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

{"id": "CVE-2024-31324", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-07-09T21:15:13.563", "references": [{"url": "https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21", "tags": ["Mailing List", "Patch"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2024-06-01", "tags": ["Patch", "Vendor Advisory"], "source": "security@android.com"}, {"url": "https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://source.android.com/security/bulletin/2024-06-01", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1021"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation."}, {"lang": "es", "value": "En hide de WindowState.java, existe una forma posible de omitir la protecci\u00f3n contra secuestro/superposici\u00f3n iniciando la actividad en modo vertical primero y luego rot\u00e1ndola al modo horizontal. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del usuario necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."}], "lastModified": "2025-03-15T16:15:12.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"}, {"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}