Out-of-Bounds Read Vulnerability in Android’s Protocol Call Adapter
CVE-2024-56185

5.1 MEDIUM

Key Information:

Vendor: Google
Status: Vendor
CVE Published: 10 March 2025

Summary

A potential out-of-bounds read vulnerability has been identified in the ProtocolUnsolOnSSAdapter::GetServiceClass() method in protocolcalladapter.cpp. The issue arises from a missing bounds check and may lead to local information disclosure. Exploitation requires a compromised baseband firmware. User interaction is not needed for exploitation, making this flaw a critical concern for Android device security.

Affected Version(s)

Android Android kernel

CVSS V3.1

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
