Lucene search

K
cveGoogle_DevicesCVE-2024-27231
HistoryApr 05, 2024 - 8:15 p.m.

CVE-2024-27231

2024-04-0520:15:07
CWE-125
Google_Devices
web.nvd.nist.gov
33
nvd
information disclosure
bounds check
local
tmu_get_tr_stats
out of bounds read

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6

Confidence

High

EPSS

0

Percentile

9.0%

In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "Android kernel",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6

Confidence

High

EPSS

0

Percentile

9.0%

Related for CVE-2024-27231