CVE-2024-29748
published 2024-04-05CVE-2024-29748: there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…
PriorityP181high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-04-25
Exploited in the wild
EPSS
0.68%
47.7th percentile
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | < 2024-04-05 | 2024-04-05 | |
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2024-29748 is exploited by forensic companies to interrupt a factory reset triggered by a device admin app, enabling unlock of Android Pixel devices without a PIN to access stored data — monitor for abnormal interruption of factory reset processes on Android Pixel devices ↗
- →CVE-2024-29748 is also tracked as CVE-2024-32896 in Google's own advisories; detections and patch verification should cross-reference both CVE identifiers for the same Pixel firmware EoP flaw ↗
- →CVE-2024-29748 is a privilege escalation requiring user interaction but no additional execution privileges — in-the-wild exploitation confirmed; treat any unpatched Android Pixel device below the 2024-04-01 Pixel security patch level as at risk ↗
- ·Exploitation requires user interaction (physical access to the device is implied by the forensic use-case); the attack vector is local, not remote ↗
- ·Not all Android devices are affected — the vulnerability is specific to Google Pixel firmware; non-Pixel Android vendors are not impacted by this particular CVE ↗
- ·CISA remediation deadline was 2024-04-25; patch reference is the April 2024 Pixel security bulletin (2024-04-01 patch level) ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w9xx-xhpg-c678: there is a possible way to bypass due to a logic error in the code
ghsa_unreviewed·2024-04-05
CVE-2024-29748 [HIGH] CWE-280 GHSA-w9xx-xhpg-c678: there is a possible way to bypass due to a logic error in the code
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
OSV
CVE-2024-29748: there is a possible way to bypass due to a logic error in the code
osv·2024-04-01
CVE-2024-29748 CVE-2024-29748: there is a possible way to bypass due to a logic error in the code
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
VulnCheck
Android Pixel Privilege Escalation Vulnerability
vulncheck·2024·CVSS 7.8
CVE-2024-29748 [HIGH] CWE-280 Android Pixel Privilege Escalation Vulnerability
Android Pixel Privilege Escalation Vulnerability
Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.
Affected: Android Pixel
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://source.android.com/docs/security/bulletin/pixel/2024-04-01; https://x.com/GrapheneOS/status/1775305179581018286; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/uploads/2024/08/19/2274f632f6a1d8acd2f1801c24887edb.pdf; https://360.net/research/report/#:~:text=PDF-,Downl
CISA
Android Pixel Privilege Escalation Vulnerability
cisa·2024-04-04·CVSS 7.8
CVE-2024-29748 [HIGH] CWE-280 Android Pixel Privilege Escalation Vulnerability
Vulnerability: Android Pixel Privilege Escalation Vulnerability
Affected: Android Pixel
Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://source.android.com/docs/security/bulletin/pixel/2024-04-01; https://nvd.nist.gov/vuln/detail/CVE-2024-29748
Remediation Due Date: 2024-04-25
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Google fixes Android kernel zero-day exploited in targeted attacks
blogs_bleepingcomputer·2024-08-05·CVSS 7.8
CVE-2024-36971 [HIGH] Google fixes Android kernel zero-day exploited in targeted attacks
## Google fixes Android kernel zero-day exploited in targeted attacks
## Sergiu Gatlan
Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks.
The zero-day, tracked as CVE-2024-36971 , is a use after free (UAF) weakness in the Linux kernel's network route management. It requires System execution privileges for successful exploitation and allows altering the behavior of certain network connections.
Google says that "there are indications that CVE-2024-36971 may be under limited, targeted exploitation," with threat actors likely exploiting to gain arbitrary code execution without user interaction on unpatched devices.
Clément Lecigne, a security researcher from Google's Threat Analysis Group (TAG)
Checkpoint
8th April – Threat Intelligence Report
blogs_checkpoint·2024-04-08
CVE-2024-29745 8th April – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 8th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 8th April, please download our Threat_Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Acuity, a federal contractor, confirmed a cyber incident where hackers accessed its GitHub repositories, and stole various documents. The breach, linked to the threat actor IntelBroker, involved data from various U.S. government agencies. While Acuity claims to have found no evidence of sensitive data impact, the US State Depar
2024-04-05
Published
2024-04-04
Added to CISA KEV
Exploited in the wild