CVE-2024-20884

Name of the Vulnerable Software and Affected Versions BatteryStatsService versions prior to SMR Jun-2024 Release 1

Description The issue is related to the incorrect use of a privileged API in the getSemBatteryUsageStats function within the BatteryStatsService. This allows local attackers to utilize privileged API, potentially leading to unauthorized access or actions. The estimated number of potentially affected devices and details about real-world incidents where this issue was exploited are not provided.

Recommendations For versions prior to SMR Jun-2024 Release 1, as a temporary workaround, consider restricting access to the getSemBatteryUsageStats function in the BatteryStatsService until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.