Out of Bounds Read Vulnerability in TIPC Device Development by Android
CVE-2024-56184

5.1MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 10 March 2025

Summary

An out of bounds read vulnerability exists in the TIPC device driver that stems from a flawed bounds check mechanism in the 'dev_send' (tipc_dev_ql) function. This vulnerability can potentially lead to the disclosure of sensitive information stored locally on the device. It is important to note that successful exploitation of this vulnerability requires no additional execution privileges or user interaction.

Affected Version(s)

Android Android kernel

References

https://source.android.com/security/bulletin/pixel/2025-0...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Dec 18, 2024