# CVE-2024-31317

**Repository Path**: Forgo7ten/CVE-2024-31317

## Basic Information

- **Project Name**: CVE-2024-31317
- **Description**: [Mirror] https://github.com/agg23/cve-2024-31317
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2025-07-24
- **Last Updated**: 2025-07-24

## Categories & Tags

**Categories**: Uncategorized
**Tags**: None

## README

# Exploration of CVE-2024-31317

CVE-2024-31317 provides unprivileged access to any uid and SELinux scope available to proper Android apps. This provides access to uid 1000 (`system`) and uid 2000 (`shell`), and can be triggered entirely from an unprivileged app, allowing for persistence of any functionality using it.

- [Explanation](explanation.md)
- [Zygote Arguments](arguments.md)
- [Emulator Setup](./emulator/)

## Availability

This exploit should apply to most Android versions [prior to the June 2024 security patch](https://source.android.com/docs/security/bulletin/2024-06-01) and Android 9+. Some vendors may have cherry-picked this change into older versions. Specifically, this means Android 9-14 with a security patch of 2024-06-01 or lower.

The vulnerability is trivial for Android versions 11 and below. See [the attached sources](#sources) for implementation instructions on pre-12 versions.

## Derived Access

`shell` privilege should be the same as access directly via `adb shell`.

`system` privilege is more questionable. [@oddbyte](https://github.com/oddbyte) is [maintaining a list](https://github.com/oddbyte/android-system) of available `system` access, specifically relating to this vulnerability. The default prop context permissions are listed in [`property_contexts`](https://android.googlesource.com/platform/system/sepolicy/+/main/private/property_contexts) and [`system_app.te`](https://android.googlesource.com/platform/system/sepolicy/+/main/private/system_app.te).
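For the Availability section above, an added triage helper (not part of this repository or the upstream project): it parses an `adb shell getprop` dump and reports whether the device falls inside the README's stated window (Android 9-14, security patch 2024-06-01 or lower). The getprop sample below is constructed; real dumps are read with `adb shell getprop`.

```python
import re
from datetime import date
from typing import Optional

# Constructed sample of `adb shell getprop` output (illustrative values, not a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [13]
[ro.build.version.sdk]: [33]
[ro.build.version.security_patch]: [2024-05-05]
"""

# Window stated in the README: Android 9-14 with a security patch of 2024-06-01 or lower.
MIN_RELEASE, MAX_RELEASE = 9, 14
LAST_UNPATCHED = date(2024, 6, 1)

_PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(output: str) -> dict:
    """Turn getprop's `[key]: [value]` lines into a dict, ignoring anything else."""
    props = {}
    for line in output.splitlines():
        m = _PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def major_release(release: str) -> Optional[int]:
    """Major Android version from values such as '9', '9.0.0' or '12L'."""
    m = re.match(r"(\d+)", release)
    return int(m.group(1)) if m else None


def in_affected_window(release: str, security_patch: str) -> bool:
    """Apply the README's version/patch window; unparseable input is treated as out of window."""
    major = major_release(release)
    try:
        patch = date.fromisoformat(security_patch)
    except ValueError:
        return False
    return major is not None and MIN_RELEASE <= major <= MAX_RELEASE and patch <= LAST_UNPATCHED


def triage(output: str) -> dict:
    """Parse a getprop dump and report the window verdict.
    A True verdict is a reason to verify, not proof: vendors may have backported the fix."""
    props = parse_getprop(output)
    release = props.get("ro.build.version.release", "")
    patch = props.get("ro.build.version.security_patch", "")
    return {"release": release, "security_patch": patch,
            "in_window": in_affected_window(release, patch)}
```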
## Sources

This research has been based heavily on the following sources and the actual Android source code:

- [Becoming any Android app via Zygote command injection (Meta)](https://rtx.meta.security/exploitation/2024/06/03/Android-Zygote-injection.html)
- Unsure which is the original:
  - [The Return of Mystique?... (dawnslab)](https://dawnslab.jd.com/the_return_of_mystique)
  - [The Return of Mystique?... (Flanker Sky)](https://blog.flanker017.me/cve-2024-31317/)
- [Gist and discussion (rabits)](https://gist.github.com/rabits/ecae96c256cb25726b2bb92c73f9c081)
- [Gist and discussion (ybtag)](https://gist.github.com/ybtag/db3f3595139556c773fb94b7cbe668b5)
- [Exploit demonstration app](https://github.com/oddbyte/CVE-2024-31317)