cve/2024/CVE-2024-31317.md

### [CVE-2024-31317](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31317)
![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)

### Description

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Anonymous941/zygote-injection-toolkit
- https://github.com/FreeXR/exploits
- https://github.com/PenumbraOS/docs
- https://github.com/PenumbraOS/pinitd
- https://github.com/WebLDix/CVE-2024-31317-PoC-Deployer
- https://github.com/agg23/android_31317_exploit_rs
- https://github.com/agg23/cve-2024-31317
- https://github.com/canyie/CVE-2024-0044
- https://github.com/fuhei/CVE-2024-31317
- https://github.com/jmywh1/CVE-2024-31317
- https://github.com/mianliupindao/CVE-2024-31317-PoC-Deployer
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/rifting/Zygotroller
- https://github.com/zulloper/cve-poc