Out-of-Bounds Read Vulnerability in Android’s Protocol Call Adapter
CVE-2024-56185
5.1 MEDIUM
Summary
A potential out-of-bounds read has been identified in the ProtocolUnsolOnSSAdapter::GetServiceClass() method of protocolcalladapter.cpp. The issue arises from a missing bounds check and may lead to local information disclosure. Exploitation requires a compromised baseband firmware. User interaction is not needed for exploitation, which makes this flaw a concern for Android device security.
Affected Version(s)
Android Android kernel
CVSS V3.1
Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved