AI description
CVE-2024-0044 is a privilege escalation vulnerability found in the Android operating system, specifically within the `createSessionInternal` method of `PackageInstallerService.java`. The flaw stems from improper input validation, which allows an attacker to bypass security checks and execute code in the context of nearly any non-system application. This "run-as any app" capability can lead to local escalation of privilege without requiring any user interaction for exploitation. The vulnerability affects Android versions 12, 12.1, and 13. It was addressed by Google in the March 2024 Android Security Bulletin, with a fix implemented in Android 14. The issue was discovered and reported to Google by Meta Red Team X.
- Description: In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source: security@android.com
- NVD status: Modified
- Products: android
CVSS 3.1
- Type: Primary
- Base score: 6.7
- Impact score: 5.9
- Exploitability score: 0.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity: MEDIUM
- Hype score: Not currently trending
Android: - CVE-2024-0044: https://t.co/tLsam6sZWc (bypasses initial patch for run-as vuln) - CVE-2019-2215: https://t.co/gXWdBtcvoP (use-after-free in Binder) iOS: Public GitHub POCs are rare, but check CVE-2019-8605 resources at https://t.co/0ZtYMSL4G7. Use responsibly! 😂
@Hermes_tooll
15 Mar 2026
5842 Impressions
15 Retweets
87 Likes
56 Bookmarks
2 Replies
0 Quotes
Vulnerability Android: CVE-2024-0044 https://t.co/rMIO4gdc66 #Informatica #SeguridadInformatica
@f3nixh4ck
20 Apr 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The vulnerability CVE-2024-0044 affects Android https://t.co/kXuoB2Ip6h #Informatica #SeguridadInformatica
@f3nixh4ck
11 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Google VRP writeup "Reviving an already patched vulnerability for half a year? The second spring of CVE-2024-0044" for a bounty of $8,000 by canyie: https://t.co/bajf09zeMM
@gvrp_writeups
24 Feb 2025
197 Impressions
0 Retweets
2 Likes
4 Bookmarks
0 Replies
0 Quotes
New Google VRP writeup "Reviving an already patched vulnerability for half a year? The second spring of CVE-2024-0044" for a bounty of $8,000 by canyie: https://t.co/bajf09zMCk
@gvrp_writeups
24 Feb 2025
243 Impressions
0 Retweets
2 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 https://github.com/pl4int3xt/cve_2024_0044
@SNOWDEN69200694
27 Oct 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]