CVE-2024-32922

In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://source.android.com/security/bulletin/pixel/2024-06-01

Configurations

No configuration.

History

20 Aug 2024, 18:35

Type	Values Removed	Values Added
CWE		CWE-843
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.4

17 Jun 2024, 12:43

Type	Values Removed	Values Added
Summary		(es) En gpu_pm_power_on_top_nolock de pixel_gpu_power.c, existe un posible compromiso de la memoria protegida debido a un error lógico en el código. Esto podría llevar a una escalada local de privilegios a TEE sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.

13 Jun 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-13 21:15

Updated : 2024-08-20 18:35

NVD link : CVE-2024-32922

Mitre link : CVE-2024-32922

CVE.ORG link : CVE-2024-32922

JSON object : View

Products Affected

No product.

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

7.4 /10