CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-34738

Medium Severity
Google
SVRS
30/100
CVSSv3
7.8/10
EPSS
0.00013/1

CVE-2024-34738 allows unprivileged apps to potentially read their own restricted app-op states in Android. This vulnerability stems from a logic error within AppOpsService.java, bypassing intended restrictions. The SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate risk level. While the CVSS score is 7.8, the lower SVRS suggests that, based on SOCRadar's threat intelligence, active exploitation in the wild or association with known threat actors is currently limited. However, the potential for local privilege escalation is a significant concern. Exploitation requires no user interaction, increasing the attack surface. This security flaw could enable malicious apps to gain unauthorized access to sensitive information or functionalities. Organizations should monitor this CVE and apply relevant patches as they become available to mitigate potential risks.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:L
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2025-03-26
LAST MODIFIED2024-08-15

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-34738 | Google Android 13/14 AppOpsService.java state issue
vuldb.com2024-12-17
CVE-2024-34738 | Google Android 13/14 AppOpsService.java state issue | A vulnerability, which was classified as problematic, was found in Google Android 13/14. This affects an unknown part of the file AppOpsService.java. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2024-34738. Local access is required to approach this attack. There is no exploit available. It is recommended to apply
vuldb.com
rss
forum
news

Social Media

CVE-2024-34738 In multiple functions of https://t.co/NARzTC28cz, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the co… https://t.co/rPp1vh6HGf
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSGoogleandroid

References

ReferenceLink
[email protected]https://android.googlesource.com/platform/frameworks/base/+/21d764807b3dcd402d63e2b4c9fbae1c9965400a
[email protected]https://source.android.com/security/bulletin/2024-08-01

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence