CVE-2024-0045

In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Configurations

No configuration.

History

21 Nov 2024, 08:45

Type Values Removed Values Added
References () https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9 - () https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9 -
References () https://source.android.com/security/bulletin/2024-03-01 - () https://source.android.com/security/bulletin/2024-03-01 -

27 Aug 2024, 18:35

Type Values Removed Values Added
Summary
  • (es) En smp_proc_sec_req de smp_act.cc, existe una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría conducir a la divulgación de información remota (próxima/adyacente) sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.
CWE CWE-20
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

11 Mar 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-11 17:15

Updated : 2024-11-21 08:45


NVD link : CVE-2024-0045

Mitre link : CVE-2024-0045

CVE.ORG link : CVE-2024-0045


JSON object : View

Products Affected

No product.

CWE
CWE-20

Improper Input Validation