CVE-2024-29745 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Android Pixel Information Disclosure Vulnerability

Exploit added

April 4, 2024

Action due

April 25, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/pixel/2024-04-01

Weakness Enumeration

CWE-ID	CWE Name
CWE-908	Use of Uninitialized Resource

Known Affected Software Configurations

cpe:2.3:o:google:android:-:::::::*

Details

Source:
NVD

Published:
April 5, 2024

Updated:
July 3, 2024

Risk information

CVSS v3

Base score:
5.5

Severity:

MEDIUM

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

Not defined