CVE-2024-43089 Information

Description

In updateInternal of MediaProvider.java there is a possible access of another app’s files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Reference

https://android.googlesource.com/platform/packages/providers/MediaProvider/+/33ff6a663eea1fcdd2b422b98722c1dee48a7f6a https://source.android.com/security/bulletin/2024-11-01