CVE-2024-29745

Warning

EPSS 0.06%
Published 05.04.2024 20:15:08
Last modified 30.07.2025 18:58:29
Source dsap-vuln-management@google.co
Teams watchlist Login
Open Login

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected products Warnungen 1 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Android Version-

04.04.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Pixel Information Disclosure Vulnerability

Vulnerability

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.196

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://source.android.com/security/bulletin/pixel/2024-04-01

Vendor Advisory

https://twitter.com/GrapheneOS/status/1775306481622995226

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29745

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29745

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29745

EUVD