CVE-2024-32905

2024-06-1321:15:54

[email protected]

web.nvd.nist.gov

circ_read link_device_memory_legacy.c out of bounds write remote code execution no user interaction

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "Android kernel",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

source.android.com/security/bulletin/pixel/2024-06-01