CVE-2024-32896

Warning

EPSS 0.09%
Published 13.06.2024 21:15:54
Last modified 29.11.2024 16:43:34
Source dsap-vuln-management@google.co
Teams watchlist Login
Open Login

there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected products Warnungen 1 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Android Version-

13.06.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Pixel Privilege Escalation Vulnerability

Vulnerability

Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.269

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

CWE-783 Operator Precedence Logic Error

The product uses an expression in which operator precedence causes incorrect logic to be used.

https://source.android.com/security/bulletin/pixel/2024-06-01

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-32896

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32896

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32896

EUVD