CVE-2024-39441
Published: 26 February 2025
Summary
CVE-2024-39441 is a high-severity an unspecified weakness vulnerability in Google Android. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2024-39441 is a vulnerability in the wifi display component involving a missing permission check, which could lead to local escalation of privilege without additional execution privileges needed. The issue was published on 2025-02-26 and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with no availability impact.
A local attacker can exploit this vulnerability with low attack complexity, requiring user interaction but no prior privileges. Exploitation enables escalation of privilege on the affected system, potentially allowing unauthorized access to sensitive data or system resources.
Unisoc has published a security advisory detailing the issue at https://www.unisoc.com/en_us/secy/announcementDetail/1894203086612791298, which security practitioners should consult for mitigation guidance and patch information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53903
Vulnerability details
In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing permission check enables local privilege escalation via direct exploitation of the vulnerability (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces approved authorizations for logical access to wifi display resources, directly addressing the missing permission check that enables local escalation of privilege.
Implements a reference monitor to mediate and enforce access control on all system resources, preventing privilege escalation due to inadequate permission enforcement in wifi display.
Enforces least privilege to restrict unnecessary access rights, mitigating the impact of privilege escalation from the missing wifi display permission check.