CVE-2024-31312

5.5 MEDIUM

📋 TL;DR

This CVE describes an Android framework vulnerability in which a missing permission check lets a local app obtain information about media being played on the device. Any device running an affected Android build without the June 2024 security patch is vulnerable; exploitation needs only a locally installed app with no additional execution privileges and no user interaction.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to June 2024 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android framework base components; all devices running vulnerable Android versions are affected.

📦 What is this software?

Android is Google's mobile operating system, built on the Android Open Source Project (AOSP). The affected code lives in the Android framework (the platform base components that expose media session and playback state to apps), so every Android device running an unpatched framework build is affected regardless of OEM.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with a foothold on the device (typically an installed app) could read information about media played on the device that should have been gated behind a permission, exposing private audio/video content metadata and, over time, a record of what the user listens to or watches.

🟠

Likely Case

Malicious apps could silently collect information about user media consumption habits without permission.

🟢

If Mitigated

Once the June 2024 patch is applied the permission check is enforced, so an app must hold the appropriate permission to read this data; the remaining exposure is limited to devices that are already compromised at a higher privilege level.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or app-based access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with device access could exploit this to gather sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access or malicious app installation; no user interaction needed once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2024 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2024-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update (the exact path varies by OEM).
2. Install the June 2024 security patch (security patch level 2024-06-01 or later).
3. Reboot the device after installation.

🔧 Temporary Workarounds

Limit which apps can reach the vulnerable code path

Because the flaw is a missing permission check, the per-app permission toggles in Settings do not block it: the vulnerable path never consults the permission in the first place. The only effective interim control is limiting which apps are installed at all: keep Google Play Protect enabled, leave "Install unknown apps" disabled for every source, and, on managed devices, enforce an app allowlist through MDM.

Reduce what there is to leak

On devices that cannot be patched promptly, avoid playing sensitive media while untrusted apps are installed, and uninstall media-adjacent apps (players, streaming clients, sideloaded utilities) that are not needed.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict app installation policies and only allow trusted sources

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version > Security patch level (path varies by OEM). If the level is earlier than 2024-06-01, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch
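The one-liner above checks a single attached device by hand. The script below, an added example rather than part of the Android bulletin or this page's original content, wraps the same `getprop` call so it can be run against every device visible to `adb` and classifies each one against the 2024-06-01 fix level. The only assumption it makes is the format of `ro.build.version.security_patch` (a `YYYY-MM-DD` string), which lets the comparison be done numerically after stripping the dashes; the `--scan` flag and the `patch_state` function name are this example's own.

```shell
#!/bin/sh
# Added example (not from the Android bulletin): classify Android security
# patch levels against the CVE-2024-31312 fix level and optionally scan
# every device attached to adb.

# First patch level that includes the fix for CVE-2024-31312.
FIX_LEVEL="2024-06-01"

# digits_of <YYYY-MM-DD> -> prints YYYYMMDD so two levels compare as integers.
digits_of() {
  printf '%s' "$1" | tr -d '-'
}

# patch_state <security_patch_level>
# Prints "vulnerable", "patched" or "unknown" (malformed or empty value,
# e.g. a device where the property is missing or adb returned nothing).
patch_state() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo unknown; return 0 ;;
  esac
  if [ "$(digits_of "$1")" -lt "$(digits_of "$FIX_LEVEL")" ]; then
    echo vulnerable
  else
    echo patched
  fi
}

# scan_devices: query every device adb reports as "device" (i.e. authorized
# and online) and print serial, patch level and state, tab-separated.
# Requires adb on PATH and USB debugging enabled on the targets.
scan_devices() {
  adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
  while read -r serial; do
    # Older adb versions emit CRLF from "adb shell"; drop the CR.
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
    printf '%s\t%s\t%s\n' "$serial" "$level" "$(patch_state "$level")"
  done
}

# Only touch adb when explicitly asked, so the functions above can be
# sourced or tested without a device attached.
if [ "${1:-}" = "--scan" ]; then
  scan_devices
fi
```

Run it as `sh check_patch.sh --scan` with devices attached; a device reporting `2024-06-05` is classified as patched, `2024-05-05` as vulnerable, and an empty or non-date value (some custom ROMs, or an unauthorized device) as unknown, which should be treated as vulnerable until confirmed.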

Verify Fix Applied:

Verify security patch level shows June 2024 or later after update.

📡 Detection & Monitoring

Log Indicators:

  • On an unpatched device the missing check means the read succeeds silently, so no permission-denial entry is generated; logcat alone is not a reliable indicator of exploitation.
  • On a patched device, repeated permission denials logged against media session or playback services can indicate an app probing the formerly unchecked path.
  • Unusual media service access patterns from apps with no obvious media role.

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Look for Android security patch level older than 2024-06-01 in device inventory systems

🔗 References

  • Android Security Bulletin, June 2024: https://source.android.com/security/bulletin/2024-06-01
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-31312