In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Configurations
History
28 Oct 2024, 17:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.4 |
References | () https://source.android.com/security/bulletin/pixel/2024-10-01 - Vendor Advisory | |
CPE | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
First Time |
Google android
|
25 Oct 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.1 |
CWE | CWE-125 |
25 Oct 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 11:15
Updated : 2024-10-28 17:58
NVD link : CVE-2024-47028
Mitre link : CVE-2024-47028
CVE.ORG link : CVE-2024-47028
JSON object : View
Products Affected
- android