Multiple vulnerabilities in Google Pixel



Published: 2024-04-03 | Updated: 2024-04-03
Risk High
Patch available YES
Number of vulnerabilities 25
CVE-ID CVE-2024-29747
CVE-2023-43515
CVE-2024-29742
CVE-2024-29739
CVE-2024-29756
CVE-2024-29746
CVE-2024-29783
CVE-2024-29782
CVE-2024-29755
CVE-2024-29754
CVE-2024-29751
CVE-2024-29750
CVE-2024-29744
CVE-2024-29745
CVE-2024-29738
CVE-2024-27232
CVE-2024-27231
CVE-2024-29757
CVE-2024-29753
CVE-2024-29752
CVE-2024-29749
CVE-2024-29743
CVE-2024-29741
CVE-2024-29740
CVE-2024-29748
CWE-ID CWE-200
CWE-120
CWE-20
Exploitation vector Local
Public exploit Vulnerability #14 is being exploited in the wild.
Vulnerability #25 is being exploited in the wild.
Vulnerable software
Subscribe
Pixel
Mobile applications / Mobile firmware & hardware

Vendor Google

Security Bulletin

This security bulletin contains information about 25 vulnerabilities.

1) Information exposure

EUVDB-ID: #VU88086

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29747

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU87932

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43515

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in HLOS. A local application can read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information exposure

EUVDB-ID: #VU88096

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29742

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information exposure

EUVDB-ID: #VU88095

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29739

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU88094

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29756

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the audio subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU88093

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29746

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the acpm subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information exposure

EUVDB-ID: #VU88092

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29783

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information exposure

EUVDB-ID: #VU88091

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29782

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information exposure

EUVDB-ID: #VU88090

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29755

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information exposure

EUVDB-ID: #VU88089

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29754

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information exposure

EUVDB-ID: #VU88088

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29751

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GSC subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information exposure

EUVDB-ID: #VU88087

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29750

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GSC subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information exposure

EUVDB-ID: #VU88084

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29744

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information exposure

EUVDB-ID: #VU88085

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-29745

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the bootloader subcomponent in Pixel. A local application can gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

15) Information exposure

EUVDB-ID: #VU88083

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29738

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information exposure

EUVDB-ID: #VU88082

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27232

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GSC subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Information exposure

EUVDB-ID: #VU88081

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27231

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU88080

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29757

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Companion subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU88079

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29753

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU88078

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29752

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU88077

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29749

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU88075

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29743

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU88074

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29741

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the S2MPU subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU88073

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29740

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU88076

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-29748

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pixel Firmware subcomponent in Pixel. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pixel: before 2024-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/pixel/2024-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###