How severe is CVE-2024-34722?

CVE-2024-34722 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-34722

Name: android
Author: google

8.8HIGH

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege wit

Published: 7/9/2024Updated: 1/21/2025

Description

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI AnalysisPowered by AI

Affected Products

googleandroid

12.0

googleandroid

12.1

googleandroid

13.0

googleandroid

14.0

References

https://source.android.com/security/bulletin/2025-01-01
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957
Mailing ListPatch
https://source.android.com/security/bulletin/2024-07-01
Not Applicable