Login Sign Up

CVE-2024-0026

5.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability in Android's SnoozeHelper component allows local attackers to cause persistent denial of service through resource exhaustion. It affects Android devices running vulnerable versions, requiring no user interaction or special privileges for exploitation.

💻 Affected Systems

Products:
  • Android OS
Versions: Specific Android versions as listed in April 2024 security bulletin
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the vulnerable SnoozeHelper component; exact version ranges should be verified against Android security bulletins

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Device becomes completely unresponsive or requires factory reset to recover functionality

🟠

Likely Case

Degraded device performance, app crashes, or temporary unavailability of snooze/alarm functionality

🟢

If Mitigated

Minimal impact with proper patching and monitoring

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with local device access

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but no special privileges; no public exploit code identified at this time

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level April 2024 or later

Vendor Advisory: https://source.android.com/security/bulletin/2024-04-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install the April 2024 security patch or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable vulnerable component

android

Temporarily disable or restrict the SnoozeHelper functionality if possible

App permission restrictions

android

Review and restrict app permissions that could interact with alarm/snooze functionality

🧯 If You Can't Patch

  • Monitor device performance and restart if unusual resource consumption is detected
  • Implement strict app installation policies and only install apps from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows April 2024 or later date

📡 Detection & Monitoring

Log Indicators:

  • Unusual resource consumption by system services
  • Repeated crashes of alarm/snooze related services

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Look for patterns of system service crashes or resource exhaustion in Android device logs

📊 Metadata

CVE ID: CVE-2024-0026
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-770
Published: May 7, 2024
Last Updated: December 17, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0026, you might also want to check these:

CVE-2024-44241 9.8

This vulnerability in DCP firmware allows attackers to execute arbitrary code or cause system crashe...

Same vulnerability type (CWE-770)
CVE-2025-11832 9.8

This CVE describes a resource allocation vulnerability in Azure Access Technology BLU-IC2 and BLU-IC...

Same vulnerability type (CWE-770)
CVE-2021-47875 9.8

GeoGebra CAS Calculator 6.0.631.0 contains a buffer overflow vulnerability that allows attackers to ...

Same vulnerability type (CWE-770)