CVE-2024-29745

Warnung

EPSS 0.06%
Veröffentlicht 05.04.2024 20:15:08
Zuletzt bearbeitet 30.07.2025 18:58:29
Quelle dsap-vuln-management@google.co
Teams Watchlist Login
Unerledigt Login

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

04.04.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Pixel Information Disclosure Vulnerability

Schwachstelle

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.196

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://source.android.com/security/bulletin/pixel/2024-04-01

Vendor Advisory

https://twitter.com/GrapheneOS/status/1775306481622995226

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29745

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29745

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29745

EUVD