CVE-2024-47013Incorrect Default Permissions in Google Android

CWE-276Incorrect Default Permissions4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 88.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedOct 25

Description

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5google/androidAndroid kernel

🔴Vulnerability Details

2
GHSA
GHSA-2pm2-9wvh-w2w9: In pmucal_rae_handle_seq_int of flexpmu_cal_rae2024-10-25
OSV
CVE-2024-47013: In pmucal_rae_handle_seq_int of flexpmu_cal_rae2024-10-01

💬Community

1
Bugzilla
CVE-2021-47013 kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send2024-02-29