How severe is CVE-2024-34722?

CVE-2024-34722 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-34722

Name: android
Author: google

8.8HIGH

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege wit

Publicado: 7/9/2024Actualizado: 1/21/2025

Descripción

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Análisis IAImpulsado por IA

Productos Afectados

googleandroid

12.0

googleandroid

12.1

googleandroid

13.0

googleandroid

14.0

Referencias

https://source.android.com/security/bulletin/2025-01-01
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957
Mailing ListPatch
https://source.android.com/security/bulletin/2024-07-01
Not Applicable