[CVE-2024-29745] Android Pixel Information Disclosure Vulnerability

CISA KEV 정보

취약점명	Android Pixel Information Disclosure Vulnerability
설명	Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.
조치사항	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
랜섬웨어 캠페인 악용	Unknown
CWE	CWE-908
등록일 (KEV)	2024-04-04
조치 기한	2024-04-25
추가 참고	https://source.android.com/docs/security/bulletin/pixel/2024-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29745

NVD 상세 정보

CVSS v3.1: 5.5 MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

설명: there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE: CWE-908 | CWE-908

참조

https://source.android.com/security/bulletin/pixel/2024-04-01 [Vendor Advisory]
https://source.android.com/security/bulletin/pixel/2024-04-01 [Vendor Advisory]
https://twitter.com/GrapheneOS/status/1775306481622995226 [Third Party Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29745 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2024-29745] Android Pixel Information Disclosure Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍