Memory Corruption Vulnerability in PPMP Protect MFCWF Buffer Could Lead to Local Escalation of Privilege
CVE-2024-44094

7.8HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 13 September 2024

What is CVE-2024-44094?

The vulnerability in Android's DRM framework arises from improper input validation procedures in the function ppmp_protect_mfcfw_buf located in code/drm_fw.c. This flaw can potentially allow an attacker to exploit memory corruption issues, resulting in local escalation of privileges. No additional execution privileges are necessary for exploitation, and the attack does not require user interaction, heightening the risk for device security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Android Android kernel

References

https://source.android.com/security/bulletin/pixel/2024-0...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2024
Vulnerability Reserved
Aug 19, 2024

JSON

Google

What is CVE-2024-44094?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.