CRITICAL🇵🇱 Wersja polska

CVE-2024-47039

CVSS 10.0v4.0pub. 2024-12-18upd. 2025-07-24

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local  information disclosure with no additional execution privileges needed. User  interaction is not needed for exploitation.

🤖 AI Analysis
How it works

An out of bounds read error (CWE-125) occurs in the isSlotMarkedSuccessful function of the BootControl.cpp component. Due to lack of array or buffer boundary verification, it is possible to read data outside the intended memory area. The attacker does not need additional execution privileges or user interaction to trigger this vulnerability locally.

Impact

An attacker with local access to the device can obtain unauthorized access to sensitive data stored in memory outside the intended buffer. The vulnerability leads to information disclosure (local information disclosure), without the possibility of direct code execution.

Mitigation & patch

Security patches available from the vendor should be applied according to references — Google Pixel security bulletin published 2024-11-01: https://source.android.com/security/bulletin/pixel/2024-11-01

Who is affected

Google Android — specific versions indicated in vendor references (Pixel security bulletin from 2024-11-01)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Google Android

    OS
    Google
    10.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...