ID

VAR-202410-2333


CVE

CVE-2024-47028


TITLE

Integer overflow vulnerability in Google Android

Trust: 0.8

sources: JVNDB: JVNDB-2024-011331

DESCRIPTION

In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Google Android contains an integer overflow vulnerability. Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause an out-of-bounds read.

Trust: 2.16

sources: NVD: CVE-2024-47028 // JVNDB: JVNDB-2024-011331 // CNVD: CNVD-2024-45881

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-45881

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: -

Trust: 1.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: google, model: pixel, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-45881 // JVNDB: JVNDB-2024-011331 // NVD: CVE-2024-47028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-47028
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-47028
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-47028
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-45881
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-45881
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-47028
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-47028
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.4
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-47028
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-45881 // JVNDB: JVNDB-2024-011331 // NVD: CVE-2024-47028 // NVD: CVE-2024-47028

PROBLEMTYPE DATA

problemtype: CWE-190

Trust: 1.0

problemtype: CWE-125

Trust: 1.0

problemtype: Out-of-bounds read (CWE-125) [others]

Trust: 0.8

problemtype: Integer overflow or wraparound (CWE-190) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-011331 // NVD: CVE-2024-47028

PATCH

title: Patch for Google Pixel ffu.c file integer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/611781

Trust: 0.6

sources: CNVD: CNVD-2024-45881

EXTERNAL IDS

db: NVD, id: CVE-2024-47028

Trust: 3.2

db: JVNDB, id: JVNDB-2024-011331

Trust: 0.8

db: CNVD, id: CNVD-2024-45881

Trust: 0.6

sources: CNVD: CNVD-2024-45881 // JVNDB: JVNDB-2024-011331 // NVD: CVE-2024-47028

REFERENCES

url: https://source.android.com/security/bulletin/pixel/2024-10-01

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-47028

Trust: 1.4

sources: CNVD: CNVD-2024-45881 // JVNDB: JVNDB-2024-011331 // NVD: CVE-2024-47028

SOURCES

db: CNVD, id: CNVD-2024-45881
db: JVNDB, id: JVNDB-2024-011331
db: NVD, id: CVE-2024-47028

LAST UPDATE DATE

2024-11-26T23:13:00.346000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-45881, date: 2024-11-25T00:00:00
db: JVNDB, id: JVNDB-2024-011331, date: 2024-10-29T00:16:00
db: NVD, id: CVE-2024-47028, date: 2024-10-28T17:58:00.427

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-45881, date: 2024-11-08T00:00:00
db: JVNDB, id: JVNDB-2024-011331, date: 2024-10-29T00:00:00
db: NVD, id: CVE-2024-47028, date: 2024-10-25T11:15:17.280