Local Priv Escal via Logic Error in Unknown Product CVE-2024-32896
CVE-2024-32896 Published on June 13, 2024
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Known Exploited Vulnerability
This Android Pixel Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.
The following remediation steps are recommended / required by July 4, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-32896 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Operator Precedence Logic Error
The program uses an expression in which operator precedence causes incorrect logic to be used. While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.
Products Associated with CVE-2024-32896
Want to know whenever a new CVE is published for Google Android? stack.watch will email you.
Affected Versions
Google Android:- Version Android kernel is affected.
- Before 2024-06-01 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.