CVE-2024-34733 β€” Integer Overflow or Wraparound in Google Android

CWE-190 β€” Integer Overflow or Wraparound5 documents5 sources
Severity
8.4HIGHNVD
EPSS
0.0%
top 91.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedJan 28

Description

In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages1 packages

β–ΆCVEListV5google/androidAndroid SoC

πŸ”΄Vulnerability Details

3
GHSA
GHSA-vwg3-f59h-rpvc: In DevmemXIntMapPages of devicemem_server↗2025-01-28
β–Ά
CVEList
CVE-2024-34733: In DevmemXIntMapPages of devicemem_server↗2025-01-28
β–Ά
OSV
CVE-2024-34733: In DevmemXIntMapPages of devicemem_server↗2024-10-01
β–Ά

πŸ“‹Vendor Advisories

1
Android
CVE-2024-34733: PowerVR-GPU↗2024-10-01
β–Ά
CVE-2024-34733 β€” Integer Overflow or Wraparound | cvebase