CVE-2024-40653 | THREATINT

Description

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

PUBLISHED Reserved 2024-07-08 | Published 2025-09-02 | Updated 2026-02-26 | Assigner google_android

Problem types

Elevation of privilege

Product status

Default status

unaffected

affected

References

android.googlesource.com/...49de08a87e2e09380f6076ffd5196987

android.googlesource.com/...c473d8d880333556726b1dcbce041e41

android.googlesource.com/...1b8f0b80f2a1e0ea6e8093e990e1790e

source.android.com/security/bulletin/2025-04-01

cve.org (CVE-2024-40653)

nvd.nist.gov (CVE-2024-40653)

Download JSON