PT-2024-15301 · Unknown · UserManagerService.java

Published: 2024-05-01 · Updated: 2024-12-17 · CVE-2024-0024

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

UserManagerService.java (affected versions not specified)

Description

The issue is improper input validation in multiple methods of UserManagerService.java, which could lead to a failure to persist or enforce user restrictions. This might result in local escalation of privilege with no additional execution privileges needed. User interaction is necessary for exploitation. An intent to create a user whose extras are too long to be serialized causes an IOException, so the restrictions are not written to the file and the user is created with no restrictions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

ASB-A-293602317
CVE-2024-0024

Affected Products

UserManagerService.java