CVE-2024-22004 — Out-of-bounds Read in Google Nest Wifi PRO

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.7HIGHNVD

CNA10.0

EPSS

0.1%

top 78.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Nest Wifi PRO Google Nest Wifi Point Firmware Google Nest Wifi PRO Firmware +1 more

Timeline

PublishedApr 5

Description

Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5google/nest_wifi_prov11

▶NVDgoogle/nest_wifi_pro_firmware24r1

▶NVDgoogle/nest_wifi_point_firmware24r1

▶NVDgoogle/nest_wifi_router_firmware24r1

🔴Vulnerability Details

CVEList

Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read↗2024-04-05

▶

GHSA

GHSA-54gx-9g28-h45h: Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory fr↗2024-04-05

▶