CVE-2024-44096

Published: Sep 13, 2024Modified: Oct 15, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected (1)

Products: Google: Android

Google

1 product

Android

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (1)

https://source.android.com/security/bulletin/pixel/2024-09-01

Source: dsap-vuln-management@google.com

Vendor Advisory

Timeline

No history available yet.