Details of VAR-202503-0620

ID

VAR-202503-0620

CVE

CVE-2024-56186

TITLE

Google Pixel closeChannel function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-05233

DESCRIPTION

In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in closeChannel of secureelementimpl.cpp

Trust: 1.44

sources: NVD: CVE-2024-56186 // CNVD: CNVD-2025-05233

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-05233

AFFECTED PRODUCTS

vendor:

google

model:

pixel

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-05233

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-56186
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-05233
value:	LOW
Trust: 0.6

CNVD:	CNVD-2025-05233
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-56186
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-05233 // NVD: CVE-2024-56186

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.0

sources: NVD: CVE-2024-56186

PATCH

title:

Patch for Google Pixel closeChannel function buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/668991

Trust: 0.6

sources: CNVD: CNVD-2025-05233

EXTERNAL IDS

db:	NVD	id:	CVE-2024-56186	Trust: 1.6
db:	CNVD	id:	CNVD-2025-05233	Trust: 0.6

sources: CNVD: CNVD-2025-05233 // NVD: CVE-2024-56186

REFERENCES

url:	https://source.android.com/security/bulletin/pixel/2025-03-01	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-56186	Trust: 0.6

sources: CNVD: CNVD-2025-05233 // NVD: CVE-2024-56186

SOURCES

db:	CNVD	id:	CNVD-2025-05233
db:	NVD	id:	CVE-2024-56186

LAST UPDATE DATE

2025-03-21T23:30:13.754000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-05233	date:	2025-03-18T00:00:00
db:	NVD	id:	CVE-2024-56186	date:	2025-03-11T21:15:40.997

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-05233	date:	2025-03-17T00:00:00
db:	NVD	id:	CVE-2024-56186	date:	2025-03-10T19:15:39.193