mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
2.0 KiB
2.0 KiB
CVE-2024-0044
Description
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
POC
Reference
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2
- https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
Github
- https://github.com/007CRIPTOGRAFIA/c-CVE-2024-0044
- https://github.com/0xMarcio/cve
- https://github.com/0xbinder/CVE-2024-0044
- https://github.com/Andromeda254/cve
- https://github.com/Ankitkushwaha90/trysanityapp
- https://github.com/BlackTom900131/awesome-game-security
- https://github.com/Dit-Developers/CVE-2024-0044-
- https://github.com/GhostTroops/TOP
- https://github.com/JackBlack818/Evil-Droid
- https://github.com/Kai2er/CVE-2024-0044-EXP
- https://github.com/MrW0l05zyn/cve-2024-0044
- https://github.com/Re13orn/CVE-2024-0044-EXP
- https://github.com/a-roshbaik/cve_2024_0044
- https://github.com/canyie/CVE-2024-0044
- https://github.com/canyie/canyie
- https://github.com/fboaventura/awesome-starts
- https://github.com/gmh5225/awesome-game-security
- https://github.com/hunter24x24/cve_2024_0044
- https://github.com/l1ackernishan/CVE-2024-0044
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pl4int3xt/cve_2024_0044
- https://github.com/scs-labrat/android_autorooter
- https://github.com/sridhar-sec/EvilDroid
- https://github.com/tanjiti/sec_profile
- https://github.com/trevor0106/game-security
- https://github.com/xdavidhu/awesome-google-vrp-writeups