CVE-2024-40649
Published: 28 January 2025
Description
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Security Summary
CVE-2024-40649 is a use-after-free vulnerability caused by a logic error in the code within TBD of TBD. It affects the kernel, as referenced in the Android Security Bulletin, and could lead to local escalation of privilege with no additional execution privileges required. The vulnerability is associated with CWE-416 and has a CVSS 3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential from a local attack vector.
An unprivileged local attacker can exploit this vulnerability without user interaction and without first obtaining elevated privileges. Successful exploitation escalates privileges in the kernel, with high impact on the confidentiality, integrity, and availability of the affected system.
The Android Security Bulletin for October 2024, available at https://source.android.com/security/bulletin/2024-10-01, provides information on patches and mitigation measures for this vulnerability.
Details
- CWE(s)