Home > Vulnerability Database > CVE-2024-31316

Mend.io Vulnerability Database

CVE-2024-31316

Good to know:

Date: July 9, 2024

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Language: Java

Severity Score

7.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31316

Url: https://android.googlesource.com/platform/frameworks/base/+/3457d82f8e265ad615b38f6a2aa3c33f1e100cb9

Url: https://source.android.com/security/bulletin/2024-06-01

Url: https://www.mend.io/vulnerability-database/CVE-2024-31316

Severity Score

7.8

Top Fix

Upgrade Version

Upgrade to version android-14.0.0_r50

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31316

Good to know:

Date: July 9, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?