How severe is CVE-2024-34722?

CVE-2024-34722 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-34722

Name: android
Author: google

8.8HIGH

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege wit

게시됨: 7/9/2024업데이트됨: 1/21/2025

설명

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI 분석AI 기반

영향받는 제품

googleandroid

12.0

googleandroid

12.1

googleandroid

13.0

googleandroid

14.0

참조

https://source.android.com/security/bulletin/2025-01-01
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957
Mailing ListPatch
https://source.android.com/security/bulletin/2024-07-01
Not Applicable