Details of VAR-202503-0619

ID

VAR-202503-0619

CVE

CVE-2024-56191

TITLE

Google Pixel Watch Integer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-05391

DESCRIPTION

In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel Watch is a durable smartwatch from Google

Trust: 1.44

sources: NVD: CVE-2024-56191 // CNVD: CNVD-2025-05391

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-05391

AFFECTED PRODUCTS

vendor:

google

model:

pixel watch

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-05391

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-56191
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-05391
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-05391
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-56191
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-05391 // NVD: CVE-2024-56191

PROBLEMTYPE DATA

problemtype:

CWE-281

Trust: 1.0

sources: NVD: CVE-2024-56191

PATCH

title:

Patch for Google Pixel Watch Integer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/669581

Trust: 0.6

sources: CNVD: CNVD-2025-05391

EXTERNAL IDS

db:	NVD	id:	CVE-2024-56191	Trust: 1.6
db:	CNVD	id:	CNVD-2025-05391	Trust: 0.6

sources: CNVD: CNVD-2025-05391 // NVD: CVE-2024-56191

REFERENCES

url:	https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-56191	Trust: 0.6

sources: CNVD: CNVD-2025-05391 // NVD: CVE-2024-56191

SOURCES

db:	CNVD	id:	CNVD-2025-05391
db:	NVD	id:	CVE-2024-56191

LAST UPDATE DATE

2025-03-21T23:25:36.750000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-05391	date:	2025-03-19T00:00:00
db:	NVD	id:	CVE-2024-56191	date:	2025-03-11T16:15:16.743

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-05391	date:	2025-03-19T00:00:00
db:	NVD	id:	CVE-2024-56191	date:	2025-03-10T21:15:39.880