CVE-2024-0029

In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

More information : https://android.googlesource.com/platform/frameworks/base/+/9b10fd9718f4e6f6843adbfc14e46a93aab93aad

Attack vector : LOCAL
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 7.8
Base severity : HIGH
Exploitability score : 1.8
Impact score : 5.9