Arbitrary Code Execution Vulnerability in RGXMMUCacheInvalidate Function of RGXMEM by Imagination Technologies
CVE-2024-34732

8.4HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 28 January 2025

Summary

A vulnerability exists in the RGXMMUCacheInvalidate function within the rgxmem.c file, which allows for arbitrary code execution due to a race condition. This issue could enable attackers to escalate their privileges locally within the kernel without needing any additional execution permissions. Exploitation does not require user interaction, increasing the potential risk posed by this vulnerability.

Affected Version(s)

Android Android SoC

References

https://source.android.com/security/bulletin/2024-10-01

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
May 7, 2024