CVE-2024-0021 – This vulnerability allows an app in the Android... (How to Fix)

Q: What is the severity of CVE-2024-0021?

CVE-2024-0021 has a CVSS score of 7.8 (HIGH). This vulnerability allows an app in the Android work profile to improperly enable notification listener services due to a logic error in NotificationAccessConfirmationActivity.java. This could lead to local privilege escalation without requiring additional execution privileges, though user interaction is needed for exploitation. Affected systems are Android devices with work profiles enabled.

📋 TL;DR

This vulnerability allows an app in the Android work profile to improperly enable notification listener services due to a logic error in NotificationAccessConfirmationActivity.java. This could lead to local privilege escalation without requiring additional execution privileges, though user interaction is needed for exploitation. Affected systems are Android devices with work profiles enabled.

💻 Affected Systems

Products:

Android Settings app

Versions: Android versions prior to January 2024 security patch

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Requires work profile to be enabled and user to interact with notification access prompts.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could gain notification listener access, potentially intercepting sensitive notifications, reading messages, and accessing protected content from other apps.

🟠

Likely Case

Malicious apps in work profiles could gain unauthorized access to notifications from personal profile apps, leading to data leakage.

🟢

If Mitigated

With proper app vetting and work profile management, the risk is limited to notification access rather than full system compromise.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring app installation and user interaction.

🏢 Internal Only: MEDIUM - Within enterprise environments with work profiles, malicious apps could access sensitive notifications.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user interaction and app installation in work profile. The logic error allows bypassing intended restrictions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: January 2024 Android security patch level

Vendor Advisory: https://source.android.com/security/bulletin/2024-01-01

Restart Required: Yes

Instructions:

1. Apply January 2024 Android security patch. 2. Update Android OS to latest version. 3. Restart device after update.

🔧 Temporary Workarounds

Disable work profiles

android

Temporarily disable Android work profiles to prevent exploitation

Navigate to Settings > Accounts > Work profile > Remove work profile

Restrict notification access

android

Review and revoke notification listener permissions for all apps

Navigate to Settings > Apps & notifications > Special app access > Notification access

🧯 If You Can't Patch

Implement strict app vetting for work profile installations
Monitor for unusual notification access requests in work profile apps

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If patch level is before January 2024, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows January 2024 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

Unexpected notification access grants to work profile apps
Multiple notification listener permission requests

Network Indicators:

No network indicators - local privilege escalation

SIEM Query:

Look for EventID related to notification access changes or package manager permission grants

📊 Metadata

CVE ID: CVE-2024-0021

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: February 16, 2024

Last Updated: December 16, 2024

🔗 References

https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1 Mailing List,Patch
https://source.android.com/security/bulletin/2024-01-01 Patch,Vendor Advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1 Mailing List,Patch
https://source.android.com/security/bulletin/2024-01-01 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0021, you might also want to check these: