var-202402-0523
Vulnerability from variot
there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone made by the American company Google.
Google Pixel has a buffer overflow vulnerability caused by a lack of bounds checking. An attacker could exploit this vulnerability to escalate privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0523", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "android", "scope": "eq", "trust": 1.8, "vendor": "google", "version": null }, { "model": "android", "scope": null, "trust": 1.4, "vendor": "google", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-09897" }, { "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "db": "NVD", "id": "CVE-2024-22012" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-22012" } ] }, "cve": "CVE-2024-22012", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "id": "CNVD-2024-09897", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-22012", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-22012", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2024-09897", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-09897" }, { "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "db": "NVD", "id": "CVE-2024-22012" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone made by the American company Google. \n\r\n\r\nGoogle Pixel has a buffer overflow vulnerability caused by a lack of bounds checking. An attacker could exploit this vulnerability to escalate privileges", "sources": [ { "db": "NVD", "id": "CVE-2024-22012" }, { "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "db": "CNVD", "id": "CNVD-2024-09897" }, { "db": "VULMON", "id": "CVE-2024-22012" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-22012", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2024-002724", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-09897", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2024-22012", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-09897" }, { "db": "VULMON", "id": "CVE-2024-22012" }, { "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "db": "NVD", "id": "CVE-2024-22012" } ] }, "id": "VAR-202402-0523", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-09897" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-09897" } ] }, "last_update_date": "2024-03-15T23:07:35.562000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Google Pixel buffer overflow vulnerability (CNVD-2024-09897)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/528041" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-09897" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "db": "NVD", "id": "CVE-2024-22012" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://source.android.com/security/bulletin/pixel/2024-02-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-22012" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-09897" }, { "db": "VULMON", "id": "CVE-2024-22012" }, { "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "db": "NVD", "id": "CVE-2024-22012" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-09897" }, { "db": "VULMON", "id": "CVE-2024-22012" }, { "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "db": "NVD", "id": "CVE-2024-22012" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-23T00:00:00", "db": "CNVD", "id": "CNVD-2024-09897" }, { "date": "2024-02-07T00:00:00", "db": "VULMON", "id": "CVE-2024-22012" }, { "date": "2024-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "date": "2024-02-07T16:15:47.687000", "db": "NVD", "id": "CVE-2024-22012" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-24T00:00:00", "db": "CNVD", "id": "CNVD-2024-09897" }, { "date": "2024-02-07T00:00:00", "db": "VULMON", "id": "CVE-2024-22012" }, { "date": "2024-02-19T04:49:00", "db": "JVNDB", "id": "JVNDB-2024-002724" }, { "date": "2024-03-12T21:15:57.953000", "db": "NVD", "id": "CVE-2024-22012" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Google\u00a0 of \u00a0Android\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-002724" } ], "trust": 0.8 } }
Loading...