CVE-2024-53835

High

Published: 03 January 2025

Published

03 January 2025

Modified

24 July 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0001 0.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Security Summary

CVE-2024-53835 is a vulnerability affecting Android software on Google Pixel devices, enabling a possible biometric bypass due to an unusual root cause. This issue, associated with CWE-276, could lead to local escalation of privilege without requiring additional execution privileges or user interaction. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity for local attacks.

A local attacker with low privileges can exploit this vulnerability due to its low complexity and lack of need for user interaction. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially granting elevated privileges on the affected device.

The Pixel security bulletin dated 2024-12-01 addresses this vulnerability with patches. Security practitioners should consult https://source.android.com/security/bulletin/pixel/2024-12-01 for mitigation details and apply the recommended updates to affected devices.

Details

CWE(s): CWE-276

Affected Products

google

android

all versions

References

https://source.android.com/security/bulletin/pixel/2024-12-01
Vendor Advisory · dsap-vuln-management@google.com