Cyber Resilience

CVE-2024-43762

High

Published: 03 January 2025

Modified: 03 July 2025
KEV Added: not listed
Patch: available
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (49.4th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-43762 is a high-severity vulnerability in Google Android whose weakness type (CWE) has not been specified. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 49.4th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-43762 is a logic error present in multiple locations within the Android Open Source Project's platform/frameworks/base component. The flaw lets a local attacker avoid unbinding a service from the system, resulting in local escalation of privilege without additional execution privileges or user interaction. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); its CWE classification has not yet been detailed by NVD.

A local attacker with low privileges (PR:L) can exploit this issue with low complexity (AC:L) and no need for user interaction (UI:N). Successful exploitation grants high-impact access to confidentiality, integrity, and availability (C:H/I:H/A:H), allowing privilege escalation on affected Android devices.

The Android Security Bulletin dated 2024-12-01 addresses CVE-2024-43762, recommending updates to patched Android versions for mitigation. A corresponding patch is available in the Android Open Source Project at commit ae43ac7f3d3d5112b0f54b5315a15b08208acf9c within platform/frameworks/base.

EU & UK References

Vulnerability details

In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation via service binding logic flaw directly matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56192 (same product: Google Android)
CVE-2025-48602 (same product: Google Android)
CVE-2026-0124 (same product: Google Android)
CVE-2024-49738 (same product: Google Android)
CVE-2024-40651 (same product: Google Android)
CVE-2026-0023 (same product: Google Android)
CVE-2025-48574 (same product: Google Android)
CVE-2025-48647 (same product: Google Android)
CVE-2025-48646 (same product: Google Android)
CVE-2026-0026 (same product: Google Android)

Affected Assets

Vendor: google
Product: android
Versions: 12.0, 12.1, 13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): directly mitigates the logic error by requiring comprehensive enforcement of service binding and unbinding policies to prevent unauthorized privilege escalation.

AC-6 Least Privilege (prevent): restricts processes to minimal authorized access, countering local escalation from low-privilege attackers exploiting service unbinding flaws.

SI-2 Flaw Remediation (prevent): addresses the specific logic error through timely identification, reporting, and patching as provided in the Android Open Source Project commit.

References