CVE-2024-32896 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Android Pixel Privilege Escalation Vulnerability

Exploit added

June 13, 2024

Action due

July 4, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

https://source.android.com/security/bulletin/pixel/2024-06-01

Weakness Enumeration

CWE-ID	CWE Name
CWE-670	Always-Incorrect Control Flow Implementation
CWE-783	Operator Precedence Logic Error

Known Affected Software Configurations

cpe:2.3:o:google:android:-:::::::*

Details

Source:
NVD

Published:
June 13, 2024

Updated:
August 14, 2024

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

Not defined