CRITICAL🇵🇱 Wersja polska

CVE-2024-22004

CVSS 10.0v3.1pub. 2024-04-05upd. 2025-07-24

Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application

🤖 AI Analysis
How it works

The bug involves improper verification of data length (lack of adequate size checking — CWE-125, out-of-bounds read). An attacker with privileged access to an unsecured Linux operating system (so-called Normal World) can craft an appropriate request that exceeds the assumed buffer boundaries. This results in reading data from memory allocated to a Trusted Application running in a secure enclave (e.g., TrustZone), thereby bypassing the isolation between the unsecured and secured environment.

Impact

An attacker can gain access to sensitive data stored in a secure enclave (Trusted Application), which may lead to disclosure of cryptographic keys, credentials, or other sensitive information. In the context of the CVSS vector, complete compromise of system confidentiality, integrity, and availability is possible.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references (https://support.google.com/product-documentation/answer/14580222). Urgent firmware updates of all mentioned Google Nest Wifi devices to the version indicated by Google are recommended.

Who is affected

Google Nest Wifi Pro Firmware, Google Nest Wifi Pro, Google Nest Wifi Point Firmware, Google Nest Wifi Point, Google Nest Wifi Router Firmware — specific versions indicated in the manufacturer's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Google Nest Wifi Point

    HW
    Google
    wszystkie wersje
  • Google Nest Wifi Point Firmware

    OS
    Google
    24r1
  • Google Nest Wifi Pro

    HW
    Google
    wszystkie wersje
  • Google Nest Wifi Pro Firmware

    OS
    Google
    24r1
  • Google Nest Wifi Router

    HW
    Google
    wszystkie wersje
  • Google Nest Wifi Router Firmware

    OS
    Google
    24r1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-6339CRITICAL10.0PL ✓ten sam produkt

Google Nest WiFi Pro – zdalne wykonanie kodu z uprawnieniami root i kompromitacja danych

CVE-2023-2626HIGH7.5ten sam produkt

There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. T...

CVE-2024-22013MEDIUM5.3ten sam produkt

U-Boot environment is read from unauthenticated partition.

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2024-7971CRITICAL9.6⚠ KEVPL ✓ten sam vendor

Type confusion w V8 (Google Chrome/Edge) umożliwiający heap corruption