CVERadar

CVE-2024-32892

Medium Severity
Google
SVRS: 34/100
CVSSv3: 7.8/10
EPSS: 0.00011/1

CVE-2024-32892 is a memory corruption vulnerability in Goodix devices. It is a type confusion in the handle_init function in goodix/main/main.c that can lead to local privilege escalation. An attacker can gain elevated privileges on a compromised device without user interaction and without additional execution privileges.

Although the CVSS score of 7.8 indicates high severity, the SOCRadar Vulnerability Risk Score (SVRS) of 34 suggests a lower immediate risk than critical vulnerabilities. It is still important to address this flaw promptly, especially since the vulnerability is tagged as "In The Wild," meaning that it is currently being exploited. Successful exploitation of CVE-2024-32892 can severely compromise the security posture of affected systems, potentially allowing attackers to perform unauthorized actions. Mitigation steps should be taken as soon as possible.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-06-13

2025-03-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-32892 | Google Android goodix/main/main.c handle_init type confusion
vuldb.com, 2024-07-11
A vulnerability was found in Google Android. It has been classified as problematic. This affects the function handle_init of the file goodix/main/main.c. The manipulation leads to type confusion. This vulnerability is uniquely identified as CVE-2024-32892. It is possible to launch the attack on the local
Tags: cve-2024-32892
Google fixed an actively exploited zero-day in the Pixel Firmware
Pierluigi Paganini, 2024-06-13
Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. “There are indications that CVE-2024-32896 may be under limited, […]
Tags: cve-2024-32899, cve-2024-32892, cve-2024-29745, cve-2024-32896

Social Media

CVE-2024-32892 In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional… https://t.co/Yn66H9h1NF

Affected Software

Configuration 1
Type | Vendor | Product
OS | Google | android

References

Reference | Link
[email protected] | https://source.android.com/security/bulletin/pixel/2024-06-01
AF854A3A-2127-422B-91AE-364DA2661108 | https://source.android.com/security/bulletin/pixel/2024-06-01

CWE Details

CWE ID | CWE Name | Description
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
