CVE-2024-0042

Published: May 7, 2024Modified: Dec 17, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (1)

Products: Google: Android

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://source.android.com/security/bulletin/2024-04-01

Source: security@android.com

Vendor Advisory

https://source.android.com/security/bulletin/2024-04-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.