Out of Bounds Read Vulnerability in Secure Element Implementation of Android
CVE-2024-56186

5.1MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 10 March 2025

Summary

A vulnerability in the secure element implementation of Android devices arises from an incorrect bounds check in the closeChannel function of secureelementimpl.cpp. This flaw permits potential out of bounds read scenarios, enabling attackers to access sensitive information locally without requiring execution privileges or user interaction. The vulnerability highlights the importance of securing bounds checking in critical code sections to prevent unintended data exposure.

Affected Version(s)

Android Android kernel

References

https://source.android.com/security/bulletin/pixel/2025-0...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Dec 18, 2024