CVE-2024-31336

2024-09-1100:09:16

google_android

github.com

arbitrary code execution

input validation

local escalation

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:*"
    ],
    "vendor": "imaginationtech",
    "product": "ddk",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "24.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

source.android.com/security/bulletin/2024-09-01