CVE-2024-34637 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-34637

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.

Affected Software

Name	Vendor	Start Version	End Version
Android	Samsung	12.0 (including)	12.0 (including)
Android	Samsung	12.0-smr_sep-2024-r1 (including)	12.0-smr_sep-2024-r1 (including)
Android	Samsung	13.0 (including)	13.0 (including)
Android	Samsung	13.0-smr-jun-2024-r1 (including)	13.0-smr-jun-2024-r1 (including)
Android	Samsung	14.0 (including)	14.0 (including)
Android	Samsung	14.0-smr-jun-2024-r1 (including)	14.0-smr-jun-2024-r1 (including)

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=09