CVE-2024-29745

CVSS 5.5 MEDIUMEPSS 0.5%● KEVCWE-908

In short

A part of the system doesn't properly clean up data in memory before using it, which can leak private information to unauthorized users on the same device. No special access or user action is needed for this to happen.

Technical detail

Uninitialized memory buffer is accessed before being set to safe values, allowing local attackers to read sensitive data without elevated privileges or user interaction. This is a classic information disclosure vulnerability where residual data from previous operations remains accessible.

Summary generated and translated by AI from the official description.

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Google · Android

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://source.android.com/security/bulletin/pixel/2024-04-01 https://twitter.com/GrapheneOS/status/1775306481622995226 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29745