CVE-2024-29748 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Android Pixel Privilege Escalation Vulnerability

Exploit added

April 4, 2024

Action due

April 25, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

https://source.android.com/security/bulletin/pixel/2024-04-01

Weakness Enumeration

CWE-ID	CWE Name
CWE-280	Improper Handling of Insufficient Permissions or Privileges

Known Affected Software Configurations

cpe:2.3:o:google:android:-:::::::*

Details

Source:
NVD

Published:
April 5, 2024

Updated:
August 1, 2024

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

Not defined