In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Configurations
History
28 Oct 2024, 17:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
Summary |
|
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
References | () https://source.android.com/security/bulletin/pixel/2024-10-01 - Vendor Advisory | |
First Time |
Google android
|
25 Oct 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
25 Oct 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 11:15
Updated : 2024-10-28 17:58
NVD link : CVE-2024-47027
Mitre link : CVE-2024-47027
CVE.ORG link : CVE-2024-47027
JSON object : View
Products Affected
- android
CWE
NVD-CWE-noinfo
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')