Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0272
Vulnerability from certfr_avis - Published: 2024-04-04 - Updated: 2024-04-04
De multiples vulnérabilités ont été découvertes dans les produits Android. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges. Google indique que les vulnérabilités CVE-2024-29745 et CVE-2024-29748 affectant les Pixels pourraient être activement exploitées dans le cadre d'attaques ciblées.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android versions ant\u00e9rieures \u00e0 12, 12L, 13 et 14 avant le correctif du 5 avril 2024",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Micrologiciel des Pixels avant le correctif du 5 avril 2024",
"product": {
"name": "N/A",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-29749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29749"
},
{
"name": "CVE-2024-29757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29757"
},
{
"name": "CVE-2024-20040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20040"
},
{
"name": "CVE-2024-29740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29740"
},
{
"name": "CVE-2024-0042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0042"
},
{
"name": "CVE-2024-29756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29756"
},
{
"name": "CVE-2024-29782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29782"
},
{
"name": "CVE-2024-21472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21472"
},
{
"name": "CVE-2023-33115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33115"
},
{
"name": "CVE-2023-33023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33023"
},
{
"name": "CVE-2024-27231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27231"
},
{
"name": "CVE-2023-33103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33103"
},
{
"name": "CVE-2024-29745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29745"
},
{
"name": "CVE-2024-29742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29742"
},
{
"name": "CVE-2024-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0026"
},
{
"name": "CVE-2024-23713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23713"
},
{
"name": "CVE-2023-28547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28547"
},
{
"name": "CVE-2024-23704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23704"
},
{
"name": "CVE-2024-29750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29750"
},
{
"name": "CVE-2024-21468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21468"
},
{
"name": "CVE-2024-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0027"
},
{
"name": "CVE-2024-29743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29743"
},
{
"name": "CVE-2023-28582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28582"
},
{
"name": "CVE-2023-33084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33084"
},
{
"name": "CVE-2024-23710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23710"
},
{
"name": "CVE-2024-20039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20039"
},
{
"name": "CVE-2023-33096",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33096"
},
{
"name": "CVE-2024-21463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21463"
},
{
"name": "CVE-2024-29738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29738"
},
{
"name": "CVE-2024-29754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29754"
},
{
"name": "CVE-2024-29753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29753"
},
{
"name": "CVE-2024-23712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23712"
},
{
"name": "CVE-2023-33104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33104"
},
{
"name": "CVE-2024-29744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29744"
},
{
"name": "CVE-2023-33095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33095"
},
{
"name": "CVE-2024-29751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29751"
},
{
"name": "CVE-2024-29746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29746"
},
{
"name": "CVE-2023-33099",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33099"
},
{
"name": "CVE-2024-29741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29741"
},
{
"name": "CVE-2024-29755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29755"
},
{
"name": "CVE-2024-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0022"
},
{
"name": "CVE-2023-21267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21267"
},
{
"name": "CVE-2024-29783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29783"
},
{
"name": "CVE-2024-29747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29747"
},
{
"name": "CVE-2023-33100",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33100"
},
{
"name": "CVE-2024-29748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29748"
},
{
"name": "CVE-2023-32890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32890"
},
{
"name": "CVE-2024-29752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29752"
},
{
"name": "CVE-2023-33101",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33101"
},
{
"name": "CVE-2024-27232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27232"
},
{
"name": "CVE-2023-33086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33086"
},
{
"name": "CVE-2023-43515",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43515"
},
{
"name": "CVE-2024-29739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29739"
}
],
"initial_release_date": "2024-04-04T00:00:00",
"last_revision_date": "2024-04-04T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Android du 01 avril 2024",
"url": "https://source.android.com/docs/security/bulletin/2024-04-01?hl=fr"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Pixel du 02 avril 2024",
"url": "https://source.android.com/docs/security/bulletin/pixel/2024-04-01?hl=fr"
}
],
"reference": "CERTFR-2024-AVI-0272",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Android\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges. Google\nindique que les vuln\u00e9rabilit\u00e9s CVE-2024-29745 et CVE-2024-29748\naffectant les Pixels pourraient \u00eatre activement exploit\u00e9es dans le cadre\nd\u0027attaques cibl\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android et Pixel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Pixel du 02 avril 2024",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Android du 01 avril 2024",
"url": null
}
]
}
CVE-2024-27232 (GCVE-0-2024-27232)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2024-11-21 16:06
VLAI
EPSS
Summary
In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T18:43:19.376136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:06:21.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:14.780Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-27232",
"datePublished": "2024-04-05T20:02:14.780Z",
"dateReserved": "2024-02-21T15:37:57.286Z",
"dateUpdated": "2024-11-21T16:06:21.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29738 (GCVE-0-2024-29738)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2025-03-28 23:21
VLAI
EPSS
Summary
In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:08:36.402732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T23:21:46.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:14.922Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29738",
"datePublished": "2024-04-05T20:02:14.922Z",
"dateReserved": "2024-03-19T15:02:29.516Z",
"dateUpdated": "2025-03-28T23:21:46.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29739 (GCVE-0-2024-29739)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2024-08-21 13:26
VLAI
EPSS
Summary
In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "2024-04-05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T13:24:03.701120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T13:26:14.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:15.110Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29739",
"datePublished": "2024-04-05T20:02:15.110Z",
"dateReserved": "2024-03-19T15:02:29.516Z",
"dateUpdated": "2024-08-21T13:26:14.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29740 (GCVE-0-2024-29740)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2024-08-02 01:10
VLAI
EPSS
Summary
In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T19:45:57.292176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:57:48.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:15.268Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29740",
"datePublished": "2024-04-05T20:02:15.268Z",
"dateReserved": "2024-03-19T15:02:29.516Z",
"dateUpdated": "2024-08-02T01:10:55.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29741 (GCVE-0-2024-29741)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2026-02-28 03:02
VLAI
EPSS
Summary
In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "android_kernel"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T15:15:27.244289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-28T03:02:40.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:15.409Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29741",
"datePublished": "2024-04-05T20:02:15.409Z",
"dateReserved": "2024-03-19T15:02:29.516Z",
"dateUpdated": "2026-02-28T03:02:40.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29742 (GCVE-0-2024-29742)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2024-11-06 19:42
VLAI
EPSS
Summary
In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T15:21:25.097098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:42:23.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:15.557Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29742",
"datePublished": "2024-04-05T20:02:15.557Z",
"dateReserved": "2024-03-19T15:02:29.516Z",
"dateUpdated": "2024-11-06T19:42:23.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29743 (GCVE-0-2024-29743)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2025-03-24 19:51
VLAI
EPSS
Summary
In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:google:pixel:acpm:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pixel",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "acpm"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T22:08:43.573536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:51:45.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:15.703Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29743",
"datePublished": "2024-04-05T20:02:15.703Z",
"dateReserved": "2024-03-19T15:02:29.516Z",
"dateUpdated": "2025-03-24T19:51:45.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29744 (GCVE-0-2024-29744)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2025-03-25 17:40
VLAI
EPSS
Summary
In tmu_get_gov_time_windows, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T16:46:12.554109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T17:40:08.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In tmu_get_gov_time_windows, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:15.850Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29744",
"datePublished": "2024-04-05T20:02:15.850Z",
"dateReserved": "2024-03-19T15:02:29.516Z",
"dateUpdated": "2025-03-25T17:40:08.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29745 (GCVE-0-2024-29745)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2025-10-21 23:05
VLAI
EPSS
Summary
there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
5.5 (Medium)
SSVC
Exploitation: active
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-908 - Use of Uninitialized Resource
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/pixe… | |
| https://twitter.com/GrapheneOS/status/17753064816… | issue-tracking |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29745",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T13:59:18.647104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-04-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29745"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:22.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://twitter.com/GrapheneOS/status/1775306481622995226"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29745"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-04T00:00:00.000Z",
"value": "CVE-2024-29745 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:15.995Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29745",
"datePublished": "2024-04-05T20:02:15.995Z",
"dateReserved": "2024-03-19T15:02:29.517Z",
"dateUpdated": "2025-10-21T23:05:22.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29746 (GCVE-0-2024-29746)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:02 – Updated: 2024-08-27 14:53
VLAI
EPSS
Summary
In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:48:16.541793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T14:53:44.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:16.139Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29746",
"datePublished": "2024-04-05T20:02:16.139Z",
"dateReserved": "2024-03-19T15:02:29.517Z",
"dateUpdated": "2024-08-27T14:53:44.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…