一、 漏洞 CVE-2024-0044 基础信息
漏洞标题
N/A
来源:AIGC 神龙大模型
漏洞描述信息
PackageInstallerService.java的createSessionInternal方法中,由于输入验证不当,可能导致任何应用以run-as权限运行。这可能会导致本地权限提升,无需额外执行权限。利用该漏洞不需要用户交互。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
输入验证不恰当
来源:AIGC 神龙大模型
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Google Android 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Google Android是美国谷歌(Google)公司的一套以Linux为基础的开源操作系统。 Google Android 存在安全漏洞,该漏洞源于 PackageInstallerService.java 文件的 createSessionInternal 方法存在输入验证不当,可能会以任何应用程序的方式运行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-0044 的公开POC
# POC 描述 源链接 神龙链接
1 Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability remotely https://github.com/scs-labrat/android_autorooter POC详情
2 CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 https://github.com/pl4int3xt/cve_2024_0044 POC详情
3 利用 CVE-2024-0044 Android 权限提升下载任意目标App沙箱文件。 https://github.com/Re13orn/CVE-2024-0044-EXP POC详情
4 CVE-2024-0044: uma vulnerabilidade de alta gravidade do tipo "executar como qualquer aplicativo" que afeta as versões 12 e 13 do Android https://github.com/007CRIPTOGRAFIA/c-CVE-2024-0044 POC详情
5 利用CVE-2024-0044 在Android12、13 下提权 https://github.com/Kai2er/CVE-2024-0044-EXP POC详情
6 CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 https://github.com/hunter24x24/cve_2024_0044 POC详情
7 EvilDroid automates the exploitation of CVE-2024-0044, installing malicious payloads on a target device and extracting sensitive data. It features automated ADB connection checks, APK pushing, UID extraction, payload generation, and real-time progress updates, providing a seamless and professional user experience. https://github.com/nexussecelite/EvilDroid POC详情
8 a vulnerability affecting Android version 12 & 13 https://github.com/nahid0x1/CVE-2024-0044 POC详情
9 CVE-2024-0044 https://github.com/MrW0l05zyn/cve-2024-0044 POC详情
10 PoC and writeup for bypassing the initial patch of CVE-2024-0044, Android run-as any app vulnerability allowing privilege escalation from adb to installed app https://github.com/canyie/CVE-2024-0044 POC详情
11 CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 https://github.com/pl4int3xt/CVE-2024-0044 POC详情
12 CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 https://github.com/0xbinder/CVE-2024-0044 POC详情
13 CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 https://github.com/Dit-Developers/CVE-2024-0044- POC详情
三、漏洞 CVE-2024-0044 的情报信息