Out-of-Bounds Read Vulnerability in Android’s Protocol Call Adapter
CVE-2024-56185

5.1MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 10 March 2025

What is CVE-2024-56185?

A potential out-of-bounds read vulnerability has been identified in the ProtocolUnsolOnSSAdapter::GetServiceClass() method of the protocolcalladapter.cpp. This issue arises from a missing bounds check, which may facilitate local information disclosure. To exploit this vulnerability, baseband firmware compromise is required. Notably, user interaction is not necessary for the exploitation to occur, making this flaw a critical concern for Android device security.

Affected Version(s)

Android Android kernel

References

https://source.android.com/security/bulletin/pixel/2025-0...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Dec 18, 2024

Google

What is CVE-2024-56185?

Affected Version(s)

References

CVSS V3.1

Timeline