CVE-2024-32896

Warnung

EPSS 0.09%
Veröffentlicht 13.06.2024 21:15:54
Zuletzt bearbeitet 29.11.2024 16:43:34
Quelle dsap-vuln-management@google.co
Teams Watchlist Login
Unerledigt Login

there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

13.06.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Pixel Privilege Escalation Vulnerability

Schwachstelle

Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.269

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

CWE-783 Operator Precedence Logic Error

The product uses an expression in which operator precedence causes incorrect logic to be used.

https://source.android.com/security/bulletin/pixel/2024-06-01

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-32896

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32896

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32896

EUVD