Out-of-Bounds Read Vulnerability in Android’s Protocol Call Adapter
CVE-2024-56185

5.1MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 10 March 2025

Summary

A potential out-of-bounds read vulnerability has been identified in the ProtocolUnsolOnSSAdapter::GetServiceClass() method of the protocolcalladapter.cpp. This issue arises from a missing bounds check, which may facilitate local information disclosure. To exploit this vulnerability, baseband firmware compromise is required. Notably, user interaction is not necessary for the exploitation to occur, making this flaw a critical concern for Android device security.

Affected Version(s)

Android Android kernel

References

https://source.android.com/security/bulletin/pixel/2025-0...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Dec 18, 2024