CRITICAL🇵🇱 Wersja polska

CVE-2024-47040

CVSS 10.0v4.0pub. 2024-12-18upd. 2025-07-24

There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🤖 AI Analysis
How it works

A logical error in the code leads to a situation where a memory area is freed but remains accessible for use (use-after-free, CWE-416). An attacker can exploit this state to manipulate code execution flow in a way that leads to obtaining higher system privileges. Exploitation does not require any additional execution permissions or user interaction.

Impact

An attacker with local access to the device can obtain privilege escalation to a higher system level without the need for additional permissions. Successful exploitation of the vulnerability can lead to complete takeover of system control.

Mitigation & patch

Security patches from the manufacturer must be applied according to references — Android/Pixel security bulletin dated 2024-11-01 available at https://source.android.com/security/bulletin/pixel/2024-11-01

Who is affected

Google Android — specific versions indicated in the manufacturer's references (Pixel security bulletin from November 2024)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Google Android

    OS
    Google
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...