Login Sign Up

CVE-2024-0038

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to inject arbitrary input events without proper permission checks in Android's AccessibilityManagerService. It enables local privilege escalation without requiring user interaction. Affected systems include Android devices running vulnerable versions.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to February 2024 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android devices with vulnerable versions of the AccessibilityManagerService component.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to execute arbitrary code with elevated privileges, access sensitive data, or perform unauthorized actions.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security restrictions and perform actions they shouldn't be authorized to do.

🟢

If Mitigated

Limited impact with proper permission controls and security patches applied.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: HIGH - Malicious apps or users with local access can exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the device but no user interaction. Exploitation involves bypassing permission checks in the AccessibilityManagerService.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: February 2024 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2024-02-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install the February 2024 security patch or later. 3. Restart the device after installation.

🔧 Temporary Workarounds

Disable unnecessary accessibility services

android

Reduce attack surface by disabling accessibility services that aren't needed

Settings > Accessibility > Installed services > Toggle off unnecessary services

🧯 If You Can't Patch

  • Restrict physical access to devices and implement strict app installation policies
  • Monitor for suspicious accessibility service usage and implement application allowlisting

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level. If before February 2024, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows February 2024 or later in Settings > About phone > Android version > Security patch level.

📡 Detection & Monitoring

Log Indicators:

  • Unusual accessibility service activations
  • Permission bypass attempts in system logs
  • Unexpected input event injections

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for network detection - focus on device logs and security events

📊 Metadata

CVE ID: CVE-2024-0038
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-862
Published: February 16, 2024
Last Updated: December 16, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0038, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)