CVE-2024-40649 — Use After Free in Google Android

CWE-416 — Use After Free5 documents5 sources

Severity

8.4HIGHNVD

EPSS

0.0%

top 91.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedJan 28

Description

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5google/androidAndroid SoC

🔴Vulnerability Details

GHSA

GHSA-mjp5-6cq8-qv5g: In TBD of TBD, there is a possible use-after-free due to a logic error in the code↗2025-01-28

▶

CVEList

CVE-2024-40649: In TBD of TBD, there is a possible use-after-free due to a logic error in the code↗2025-01-28

▶

OSV

CVE-2024-40649: In TBD of TBD, there is a possible use-after-free due to a logic error in the code↗2024-10-01

▶

📋Vendor Advisories

Android

CVE-2024-40649: PowerVR-GPU↗2024-10-01

▶