{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T18:36:42.148","vulnerabilities":[{"cve":{"id":"CVE-2024-40659","sourceIdentifier":"security@android.com","published":"2024-09-11T00:15:11.473","lastModified":"2024-12-17T19:07:45.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."},{"lang":"es","value":"En getRegistration de RemoteProvisioningService.java, existe una forma posible de deshabilitar permanentemente la función de generación de claves de AndroidKeyStore mediante la actualización de las claves de certificación de todas las aplicaciones instaladas debido a una validación de entrada incorrecta. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. No se necesita la interacción del usuario para la explotación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"}]}]}],"references":[{"url":"https://android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/c65dce4c6d8d54e47dce79a56e29e2223a2354e6","source":"security@android.com","tags":["Mailing List","Patch"]},{"url":"https://source.android.com/security/bulletin/2024-09-01","source":"security@android.com","tags":["Patch","Vendor Advisory"]}]}}]}