CVE-2024-0032

Published: Feb 16, 2024Modified: Aug 26, 2025

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.6 / Impact: 5.9

Source: NVD

Description

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Affected (5)

Products: Google: Android

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 11.0
Google Android	Version 12.0
Google Android	Version 12.1
Google Android	Version 13.0
Google Android	Version 14.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

https://android.googlesource.com/platform/frameworks/base/+/a6321142ea43053ea8d0db516eede4c35c5dab18

Source: security@android.com

https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/b2cc552f8e1ed982e6662f64baa2cdbf1acaf777

Source: security@android.com

https://source.android.com/security/bulletin/2025-03-01

Source: security@android.com

https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://source.android.com/security/bulletin/2024-02-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.