cbcvebase.
CVE-2024-29748
published 2024-04-05

CVE-2024-29748: there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

PriorityP181high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-04-25
Exploited in the wild
EPSS
0.68%
47.7th percentile
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected

2 ranges
VendorProductVersion rangeFixed in
googleandroid< 2024-04-052024-04-05
googleandroid

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2024-29748 is exploited by forensic companies to interrupt a factory reset triggered by a device admin app, enabling unlock of Android Pixel devices without a PIN to access stored data — monitor for abnormal interruption of factory reset processes on Android Pixel devices
  • CVE-2024-29748 is also tracked as CVE-2024-32896 in Google's own advisories; detections and patch verification should cross-reference both CVE identifiers for the same Pixel firmware EoP flaw
  • CVE-2024-29748 is a privilege escalation requiring user interaction but no additional execution privileges — in-the-wild exploitation confirmed; treat any unpatched Android Pixel device below the 2024-04-01 Pixel security patch level as at risk
  • ·Exploitation requires user interaction (physical access to the device is implied by the forensic use-case); the attack vector is local, not remote
  • ·Not all Android devices are affected — the vulnerability is specific to Google Pixel firmware; non-Pixel Android vendors are not impacted by this particular CVE
  • ·CISA remediation deadline was 2024-04-25; patch reference is the April 2024 Pixel security bulletin (2024-04-01 patch level)

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.