Cyber Resilience

CVE-2024-39441

High

Published: 26 February 2025

Published
26 February 2025
Modified
06 May 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score 0.0004 13.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39441 is a high-severity an unspecified weakness vulnerability in Google Android. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2024-39441 is a vulnerability in the wifi display component involving a missing permission check, which could lead to local escalation of privilege without additional execution privileges needed. The issue was published on 2025-02-26 and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with no availability impact.

A local attacker can exploit this vulnerability with low attack complexity, requiring user interaction but no prior privileges. Exploitation enables escalation of privilege on the affected system, potentially allowing unauthorized access to sensitive data or system resources.

Unisoc has published a security advisory detailing the issue at https://www.unisoc.com/en_us/secy/announcementDetail/1894203086612791298, which security practitioners should consult for mitigation guidance and patch information.

EU & UK References

Vulnerability details

In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Missing permission check enables local privilege escalation via direct exploitation of the vulnerability (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56192Same product: Google Android
CVE-2025-48602Same product: Google Android
CVE-2026-0124Same product: Google Android
CVE-2024-49738Same product: Google Android
CVE-2024-40651Same product: Google Android
CVE-2026-0023Same product: Google Android
CVE-2025-48574Same product: Google Android
CVE-2025-48647Same product: Google Android
CVE-2025-48646Same product: Google Android
CVE-2026-0026Same product: Google Android

Affected Assets

google
android
13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for logical access to wifi display resources, directly addressing the missing permission check that enables local escalation of privilege.

prevent

Implements a reference monitor to mediate and enforce access control on all system resources, preventing privilege escalation due to inadequate permission enforcement in wifi display.

prevent

Enforces least privilege to restrict unnecessary access rights, mitigating the impact of privilege escalation from the missing wifi display permission check.

References