CVE-2024-29745

Warnung

EPSS 0.21%
Veröffentlicht 05.04.2024 20:15:08
Zuletzt bearbeitet 24.10.2025 13:45:35
Quelle dsap-vuln-management@google.co
CVE-Watchlists
Login
Unerledigt
Login

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

04.04.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Pixel Information Disclosure Vulnerability

Schwachstelle

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.428

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://source.android.com/security/bulletin/pixel/2024-04-01

Vendor Advisory

https://twitter.com/GrapheneOS/status/1775306481622995226

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29745

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-29745

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29745

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29745

EUVD