CVE-2024-39441

High

Published: 26 February 2025

Published

26 February 2025

Modified

06 May 2025

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score 0.0004 12.6th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

Security Summary

CVE-2024-39441 is a vulnerability in the wifi display component involving a missing permission check, which could lead to local escalation of privilege without additional execution privileges needed. The issue was published on 2025-02-26 and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with no availability impact.

A local attacker can exploit this vulnerability with low attack complexity, requiring user interaction but no prior privileges. Exploitation enables escalation of privilege on the affected system, potentially allowing unauthorized access to sensitive data or system resources.

Unisoc has published a security advisory detailing the issue at https://www.unisoc.com/en_us/secy/announcementDetail/1894203086612791298, which security practitioners should consult for mitigation guidance and patch information.

Details

CWE(s): NVD-CWE-noinfo

Affected Products

google

android

13.0, 14.0, 15.0

References

https://www.unisoc.com/en_us/secy/announcementDetail/1894203086612791298
Vendor Advisory · security@unisoc.com