ID

VAR-202410-2073


CVE

CVE-2024-47026


TITLE

Out-of-bounds read vulnerability in Google Android

Trust: 0.8

sources: JVNDB: JVNDB-2024-011359

DESCRIPTION

In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google Android contains an out-of-bounds read vulnerability. Information may be obtained. Google Pixel is a smartphone from Google Inc. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by incorrect boundary checking in gsc_gsa_rescue of gsc_gsa.c. Attackers can exploit this vulnerability to cause an out-of-bounds read.

Trust: 2.16

sources: NVD: CVE-2024-47026 // JVNDB: JVNDB-2024-011359 // CNVD: CNVD-2024-45883

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-45883

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: -

Trust: 1.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: google, model: pixel, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-45883 // JVNDB: JVNDB-2024-011359 // NVD: CVE-2024-47026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-47026
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-47026
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-47026
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-45883
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-45883
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-47026
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-47026
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.4
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-47026
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-45883 // JVNDB: JVNDB-2024-011359 // NVD: CVE-2024-47026 // NVD: CVE-2024-47026

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.0

problemtype: Out-of-bounds read (CWE-125) [NVD evaluation]

Trust: 0.8

problemtype: Out-of-bounds read (CWE-125) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-011359 // NVD: CVE-2024-47026

PATCH

title: Patch for Google Pixel gsc_gsa.c file buffer overflow vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/611791

Trust: 0.6

sources: CNVD: CNVD-2024-45883

EXTERNAL IDS

db: NVD, id: CVE-2024-47026

Trust: 3.2

db: JVNDB, id: JVNDB-2024-011359

Trust: 0.8

db: CNVD, id: CNVD-2024-45883

Trust: 0.6

sources: CNVD: CNVD-2024-45883 // JVNDB: JVNDB-2024-011359 // NVD: CVE-2024-47026

REFERENCES

url: https://source.android.com/security/bulletin/pixel/2024-10-01

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-47026

Trust: 1.4

sources: CNVD: CNVD-2024-45883 // JVNDB: JVNDB-2024-011359 // NVD: CVE-2024-47026

SOURCES

db: CNVD, id: CNVD-2024-45883
db: JVNDB, id: JVNDB-2024-011359
db: NVD, id: CVE-2024-47026

LAST UPDATE DATE

2024-11-26T23:08:42.366000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-45883, date: 2024-11-25T00:00:00
db: JVNDB, id: JVNDB-2024-011359, date: 2024-10-29T01:35:00
db: NVD, id: CVE-2024-47026, date: 2024-10-28T17:59:12.397

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-45883, date: 2024-11-08T00:00:00
db: JVNDB, id: JVNDB-2024-011359, date: 2024-10-29T00:00:00
db: NVD, id: CVE-2024-47026, date: 2024-10-25T11:15:17.167