{"id":"CVE-2024-48336","details":"The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. User interaction is not needed for exploitation.","modified":"2026-04-12T11:14:32.639624Z","published":"2024-11-04T18:15:05.027Z","references":[{"type":"FIX","url":"https://github.com/topjohnwu/Magisk/commit/c2eb6039579b8a2fb1e11a753cea7662c07bec02"},{"type":"PACKAGE","url":"https://github.com/canyie/MagiskEoP"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/topjohnwu/magisk","events":[{"introduced":"0"},{"fixed":"c2eb6039579b8a2fb1e11a753cea7662c07bec02"}]}],"versions":["canary-27005","canary-27006","manager-v5.8.2","manager-v5.8.3","manager-v5.9.0","manager-v5.9.1","manager-v6.0.0","manager-v6.0.1","manager-v6.1.0","manager-v7.0.0","manager-v7.1.0","manager-v7.1.1","manager-v7.3.0","manager-v7.3.1","manager-v7.3.2","manager-v7.3.4","manager-v7.3.5","manager-v7.4.0","manager-v7.5.0","manager-v7.5.1","manager-v8.0.0","manager-v8.0.1","manager-v8.0.2","manager-v8.0.3","manager-v8.0.4","manager-v8.0.5","manager-v8.0.6","manager-v8.0.7","v10","v10.1","v11.0","v11.1","v11.5","v11.6","v12.0","v13.0","v13.1","v13.2","v13.3","v14.0","v14.2","v14.3","v14.5","v14.6","v15.0","v15.1","v15.2","v15.3","v15.4","v16.0","v16.1","v16.2","v16.3","v16.4","v16.6","v16.7","v17.0","v17.1","v17.2","v17.3","v18.0","v18.1","v19.0","v19.3","v19.4","v20.0","v20.1","v20.2","v20.3","v20.4","v21.0","v21.1","v21.2","v21.3","v21.4","v22.0","v22.1","v23.0","v24.0","v24.1","v24.2","v24.3","v25.0","v25.1","v25.2","v26.0","v26.1","v26.2","v26.3","v26.4","v27.0","v7","v8","v9"],"database_specific":{"vanir_signatures":[{"target":{"file":"app/shared/src/main/java/com/topjohnwu/magisk/ProviderInstaller.java","function":"install"},"signature_type":"Function","signature_version":"v1","id":"CVE-2024-48336-17365993","digest":{"length":395,"function_hash":"72116613464738985378492005673564804781"},"source":"https://github.com/topjohnwu/magisk/commit/c2eb6039579b8a2fb1e11a753cea7662c07bec02","deprecated":false},{"target":{"file":"app/shared/src/main/java/com/topjohnwu/magisk/ProviderInstaller.java"},"signature_type":"Line","signature_version":"v1","id":"CVE-2024-48336-745a282f","digest":{"line_hashes":["271302748090116704997226398093029057196","46949343717901107046691334759137754466","165786013411591125339127227260090336603","80814988501233857635143305039870665054","224740942548903968123671431217185881093","72707519580048014493916002148735777390"],"threshold":0.9},"source":"https://github.com/topjohnwu/magisk/commit/c2eb6039579b8a2fb1e11a753cea7662c07bec02","deprecated":false}],"vanir_signatures_modified":"2026-04-12T11:14:32Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48336.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}