CVE-2024-49729 β€” Sensitive Information Exposure in System Core

2 documents2 sources
Severity
β€”N/A
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Platform System Core
Timeline
PublishedFeb 1

Description

In GetTable of dm.cpp, there is a possible way to leak the raw FDE key in bug reports due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Packages1 packages

β–ΆAndroidplatform/system_core15-next:0 β€” 15-next:2025-02-01+5

πŸ”΄Vulnerability Details

1
OSV
CVE-2024-49729: In GetTable of dm↗2025-02-01
β–Ά

πŸ“‹Vendor Advisories

1
Android
CVE-2024-49729: Android Security Bulletin 2025-02-01 CVE: CVE-2024-49729 Severity: HIGH Type: ID Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-368069390β†—2025-02-01
β–Ά
CVE-2024-49729 β€” Sensitive Information Exposure | cvebase