CVE-2024-34723

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-783
View all →

Vulnerability Description

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2017-13322

CRITICAL
CVSS:5.5(Medium)

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service wi...

CWE-7832017

CVE-2024-49736

MEDIUM
CVSS:5.5(Medium)

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additi...

CWE-7832024

CVE-2025-24210

MEDIUM
CVSS:5.5(Medium)

A logic error was addressed with improved error handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonom...

CWE-7832025

CVE-2024-20314

HIGH
CVSS:8.6(High)

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop...

CWE-7832024

CVE-2024-20480

HIGH
CVSS:8.6(High)

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utiliza...

CWE-7832024

CVE-2024-31335

HIGH
CVSS:8.4(High)

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no a...

CWE-7832024