In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for exploitation.
The vulnerability results from missing bounds check verification in the dhd_prot_flowrings_pool_release function responsible for releasing the flow rings pool in the Wi-Fi communication driver (dhd_msgbuf.c). An attacker can cause data to be written outside the allocated buffer (out-of-bounds write, CWE-787), allowing manipulation of kernel memory structures. This results in the possibility of local privilege escalation without requiring user interaction.
A local attacker without additional privileges can obtain elevated system privileges (privilege escalation), which may lead to full control of the device.
Apply patches available from the manufacturer according to the references – Pixel security bulletin from 2024-11-01 (https://source.android.com/security/bulletin/pixel/2024-11-01).
Google Android – versions indicated in the manufacturer's references (Pixel security bulletin, 2024-11-01)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XGoogle Android
OSGooglewszystkie wersje
Related vulnerabilities
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...