CVE-2024-53840
Published: 03 January 2025
Description
there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Security Summary
CVE-2024-53840 is a biometric bypass vulnerability stemming from an unusual root cause, enabling local escalation of privilege without requiring additional execution privileges or user interaction. It affects Google Pixel devices, as detailed in the Android security bulletin, and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), with an associated CWE-276.
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of need for user interaction. Successful exploitation allows the attacker to gain high-impact access across confidentiality, integrity, and availability, effectively escalating privileges on the affected Pixel device.
The official mitigation is outlined in the Android Security Bulletin for Pixel devices dated 2024-12-01, available at https://source.android.com/security/bulletin/pixel/2024-12-01, which includes patches to address the issue. Security practitioners should ensure Pixel devices are updated to the patched firmware versions specified in the bulletin.
Details
- CWE(s)