mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
1.0 KiB
1.0 KiB
CVE-2024-0044
Description
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
POC
Reference
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2
- https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
- https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
Github
No PoCs found on GitHub currently.