CVE-2024-31317 provides unprivileged access to any uid and SELinux scope available to proper Android apps. This provides access to uid 1000 (`system`) and uid 2000 (`shell`), and can be triggered entirely from an unprivileged app, allowing for persistence of any functionality using it.
This exploit should apply to most Android versions prior to the June 2024 security patch and Android 9+. Some vendors may have cherry-picked this change into older versions. Specifically, this means Android 9-14 with a security patch of 2024-06-01 or lower.
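The affected window above can be turned into a fleet-side check. The following is an added example, not part of the original write-up: it parses `adb shell getprop` style output, reads the real Android properties `ro.build.version.release` and `ro.build.version.security_patch`, and classifies a device against the stated rule (Android 9-14 with a patch level of 2024-06-01 or lower). The sample property dumps are constructed, not captured from a device, and the cut-off date is taken verbatim from the text above; vendor cherry-picks into older releases mean "out-of-scope" is not a guarantee of safety.

```python
from __future__ import annotations

import re
from datetime import date

# Affected window as stated above: Android 9-14 with a security patch of 2024-06-01 or lower.
MIN_RELEASE = 9
MAX_RELEASE = 14
LAST_AFFECTED_PATCH = date(2024, 6, 1)

# Matches one line of `getprop` output, e.g. "[ro.build.version.release]: [14]"
_GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(output: str) -> dict[str, str]:
    """Parse the bracketed key/value lines produced by `getprop` into a dict."""
    props: dict[str, str] = {}
    for line in output.splitlines():
        m = _GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def major_release(release: str) -> int | None:
    """Major version number from ro.build.version.release ('14', '10.0', '8.1.0')."""
    head = release.strip().split(".")[0]
    return int(head) if head.isdigit() else None


def patch_date(patch: str) -> date | None:
    """ro.build.version.security_patch is YYYY-MM-DD; anything else is treated as unknown."""
    try:
        return date.fromisoformat(patch.strip())
    except ValueError:
        return None


def assess(props: dict[str, str]) -> str:
    """Classify a device: 'affected', 'patched', 'out-of-scope' or 'unknown'."""
    release = major_release(props.get("ro.build.version.release", ""))
    patch = patch_date(props.get("ro.build.version.security_patch", ""))
    if release is None or patch is None:
        # Missing or malformed properties: do not guess, flag for manual review.
        return "unknown"
    if not MIN_RELEASE <= release <= MAX_RELEASE:
        # Outside the stated 9-14 window. Vendors may have cherry-picked the fix
        # into older builds, so this only says the stated rule does not apply.
        return "out-of-scope"
    return "affected" if patch <= LAST_AFFECTED_PATCH else "patched"


# Constructed sample getprop output (not captured from a real device).
SAMPLE_AFFECTED = """\
[ro.build.version.release]: [13]
[ro.build.version.security_patch]: [2024-05-05]
[ro.build.version.sdk]: [33]
"""

SAMPLE_PATCHED = """\
[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2024-07-05]
"""

if __name__ == "__main__":
    for name, sample in (("affected", SAMPLE_AFFECTED), ("patched", SAMPLE_PATCHED)):
        print(name, "->", assess(parse_getprop(sample)))
```

In practice the input would be the output of `adb shell getprop` (or an MDM inventory export) fed to `parse_getprop`; a device that reports "unknown" should be inspected by hand rather than assumed patched.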
The vulnerability is trivial for Android versions 11 and below. See the attached sources for implementation instructions on pre-12 versions.
`shell` privilege should be the same as access directly via `adb shell`. `system` privilege is more questionable. @oddbyte is maintaining a list of available `system` access, specifically relating to this vulnerability. The default prop context permissions are listed in `property_contexts` and `system_app.te`.
This research has been heavily based on the following sources and the actual Android source code: