PT-2024-5206 · Google · Android
Published: 2024-07-01 · Updated: 2024-12-17 · CVE-2024-31320
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Android versions 12 through 12L
Description:
The issue is related to errors in privilege management, specifically in the setSkipPrompt function of AssociationRequest.java. This could allow an attacker to establish a companion device association without confirmation, leading to local escalation of privilege with no additional execution privileges needed. User interaction is not necessary for exploitation.
Recommendations:
For Android versions 12 through 12L, update your device to the latest security patch level, specifically 2024-07-05, which contains fixes for all 25 vulnerabilities, including this issue. As a temporary workaround, consider restricting access to the vulnerable component until a patch is available.
Fix
Improper Access Control
Improper Privilege Management
Affected Products
Android