How severe is CVE-2024-34722?

CVE-2024-34722 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-34722

Name: android
Author: google

8.8HIGH

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege wit

公開日: 7/9/2024更新日: 1/21/2025

説明

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI分析AIによる分析

影響を受ける製品

googleandroid

12.0

googleandroid

12.1

googleandroid

13.0

googleandroid

14.0

参照

https://source.android.com/security/bulletin/2025-01-01
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957
Mailing ListPatch
https://source.android.com/security/bulletin/2024-07-01
Not Applicable