CRITICAL🇵🇱 Wersja polska

CVE-2024-32911

CVSS 9.8v3.1pub. 2024-06-13upd. 2024-11-21

There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🤖 AI Analysis
How it works

The vulnerability lies in improper use of cryptography (CWE-327 — use of a broken or risky cryptographic algorithm, CWE-347 — improper verification of cryptographic signature). Incorrect implementation of cryptographic mechanisms may allow an attacker to bypass security measures based on integrity verification or data authenticity. Exploitation is possible remotely, without the need to possess additional privileges or engage the user.

Impact

An attacker can remotely obtain privilege escalation on a vulnerable Android device, potentially gaining full control over the system (confidentiality, integrity, and availability are fully threatened).

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with references — Pixel Security Bulletin published 2024-06-01 (https://source.android.com/security/bulletin/pixel/2024-06-01). Immediate software update of the device to the latest available version is recommended.

Who is affected

Google Android — versions indicated in manufacturer references (Pixel Security Bulletin from June 2024)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Android

    OS
    Google
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...