Use-After-Free Vulnerability in Android Kernel
CVE-2024-40651

8.4HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 28 January 2025

Summary

This vulnerability presents a use-after-free issue in the Android kernel, stemming from a logic error in the code. It allows local escalation of privilege, meaning that an attacker can exploit this flaw without needing additional execution privileges or user interaction. This can lead to significant risks if not promptly addressed.

Affected Version(s)

Android Android SoC

References

https://source.android.com/security/bulletin/2024-10-01

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jul 8, 2024