Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2024-34637

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.

  • Published: Sep 4, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-34637
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

No CWE or OWASP classifications available.

Software From Fixed in
samsung / android 12.0 12.0.x
samsung / android 13.0 13.0.x
samsung / android 14.0 14.0.x
samsung / android 14.0-smr-jun-2024-r1 14.0-smr-jun-2024-r1.x
samsung / android 13.0-smr-jun-2024-r1 13.0-smr-jun-2024-r1.x
samsung / android 12.0-smr_sep-2024-r1 12.0-smr_sep-2024-r1.x