CVE-2024-29748

Published: Apr 5, 2024Modified: Oct 24, 2025CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected (1)

Products: Google: Android

Google

1 product

Android

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Android	Before 2024-04-05

Running on/with	Platform Versions
Google Pixel	All versions

Related CWEs

CWE-280

Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (4)

https://source.android.com/security/bulletin/pixel/2024-04-01

Source: dsap-vuln-management@google.com

Vendor Advisory

https://source.android.com/security/bulletin/pixel/2024-04-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://twitter.com/GrapheneOS/status/1775308208472813609

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Broken LinkThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29748

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.