CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-29748

Critical Severity
Google
SVRS
75/100
CVSSv3
7.8/10
EPSS
0.00099/1

CVE-2024-29748 allows potential privilege escalation on vulnerable systems due to a logic error. This security vulnerability requires user interaction but could lead to a local escalation of privilege without needing extra permissions. SOCRadar's Vulnerability Risk Score (SVRS) for CVE-2024-29748 is 75, indicating a high level of risk. Although not considered critical (SVRS > 80), immediate investigation and patching are still strongly recommended. Exploits are currently available and this vulnerability is actively being exploited in the wild, and is on the CISA KEV list which means that it is a Known Exploited Vulnerability. Because of this, organizations should take proactive steps to remediate this flaw and reduce potential risk. The flaw involves a bypass due to a logical error, which if exploited can lead to serious issues.

TAGS
In The Wild
Exploit Avaliable
CISA KEV
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:N
UI:R
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-04-05
LAST MODIFIED2024-08-14
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-29748 is a logic error vulnerability that allows for local escalation of privilege without additional execution privileges. User interaction is required for exploitation. The SVRS of 80 indicates a critical vulnerability that requires immediate attention.

Key Insights:

  • Active Exploitation: Active exploits have been published, indicating that hackers are actively exploiting the vulnerability.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, calling for immediate and necessary measures to address the vulnerability.
  • Exploit Complexity: The vulnerability can be exploited with no additional execution privileges, making it easier for attackers to compromise systems.
  • User Interaction Required: User interaction is required for exploitation, highlighting the importance of user awareness and training.

Mitigation Strategies:

  • Apply Software Updates: Install the latest software updates from the vendor to patch the vulnerability.
  • Restrict User Privileges: Limit user privileges to the minimum necessary to perform their tasks, reducing the potential impact of an exploit.
  • Implement Network Segmentation: Segment networks to isolate critical systems and prevent the spread of attacks.
  • Enable Intrusion Detection and Prevention Systems: Deploy intrusion detection and prevention systems to monitor for and block malicious activity.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
Android Pixel Privilege Escalation Vulnerabilityhttps://www.cisa.gov/search?g=CVE-2024-297482024-04-04
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Google Patches New Android Kernel Vulnerability Exploited in the Wild - The Hacker News
2024-08-06
Google Patches New Android Kernel Vulnerability Exploited in the Wild - The Hacker News | News Content: Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-36971 may be under limited, targeted exploitation," the tech giant noted in its monthly Android security bulletin for August 2024. As is typically the case, the company did not share any additional specifics on the nature of
google.com
rss
forum
news
Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw - The Hacker News
2024-09-04
Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw - The Hacker News | News Content: Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the NIST National Vulnerability Database (NVD), it concerns a logic error that could lead to local escalation of privileges without requiring
google.com
rss
forum
news
Google fixed actively exploited Android flaw CVE-2024-32896 - Security Affairs
2024-09-04
Google fixed actively exploited Android flaw CVE-2024-32896 - Security Affairs | News Content: Google fixed actively exploited Android flaw CVE-2024-32896 Google addressed a security vulnerability in its Android operating system that is actively exploited in attacks in the wild. Google addressed a high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), in its Android operating system that is under active exploitation in the wild. The vulnerability CVE-2024-32896 is a privilege escalation in the Android Framework component. “there is a possible way to bypass due to a logic error in the code.” reads the advisory
cve-2024-29748
cve-2024-32896
cves
security
Government workers are being told to immediately update their Pixel phones to patch a serious exploit
Lawrence Bonk2024-06-24
Government workers are being told to immediately update their Pixel phones to patch a serious exploit | The US government has issued a dire warning to employees with Pixel phones, mandating a security update by July 4, as originally reported by Forbes. This is due to a high-severity firmware vulnerability within the Android operating system that could open up devices to “limited, targeted exploitation.” There’s already a
cve-2024-29748
cve-2024-32896
md5s
domains
Google fixed an actively exploited zero-day in the Pixel Firmware - Security Affairs
2024-06-13
Google fixed an actively exploited zero-day in the Pixel Firmware - Security Affairs | News Content: Google fixed an actively exploited zero-day in the Pixel Firmware Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. “There are indications that CVE-2024-32896 may be under limited, targeted exploitation.” reads the advisory. As usual, the IT giant did not
cve-2024-29748
cve-2024-29745
cve-2024-32896
cves
Google fixed an actively exploited zero-day in the Pixel Firmware
Pierluigi Paganini2024-06-13
Google fixed an actively exploited zero-day in the Pixel Firmware | Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. “There are indications that CVE-2024-32896 may be under limited, […]
cve-2024-32899
cve-2024-32892
cve-2024-29745
cve-2024-32896
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
Ajit Jasrotia2024-06-13
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day | Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related to the nature of attacks exploiting it, but noted […] The post Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
cve-2024-29745
cve-2024-29748
cve-2024-4610
cve-2024-32896

Social Media

April 2024 monthly update for Pixels included a partial mitigation for this vulnerability in firmware (CVE-2024-29748). Android 14 QPR3 released in June 2024 includes a full solution for all Android devices by implementing the wipe-without-reboot proposal we made in our report.
1
0
6
We made our own wipe-without-reboot but we're backporting the Android 15 implementation instead of using ours. They made it in response to our vulnerability report about this (CVE-2024-29748): https://t.co/c4xnnbje04 Pixels added a firmware mitigation against it in April too.
1
2
10
Android CVE-2024-29748 is being exploited ITW. What is it? "there is a possible way to bypass due to a logic error in the code" A job done, Google. https://t.co/vsQKDj5i7J
1
0
6

Affected Software

Configuration 1
TypeVendorProduct
OSGoogleandroid

References

ReferenceLink
[email protected]https://source.android.com/security/bulletin/pixel/2024-04-01

CWE Details

CWE IDCWE NameDescription
CWE-280Improper Handling of Insufficient Permissions or PrivilegesThe application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
CWE-755Improper Handling of Exceptional ConditionsThe software does not handle or incorrectly handles an exceptional condition.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence