How severe is CVE-2024-34722?

CVE-2024-34722 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-34722

Name: android
Author: google

8.8HIGH

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege wit

Опубликовано: 7/9/2024Обновлено: 1/21/2025

Описание

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

ИИ-АнализНа базе ИИ

Затронутые продукты

googleandroid

12.0

googleandroid

12.1

googleandroid

13.0

googleandroid

14.0

Ссылки

https://source.android.com/security/bulletin/2025-01-01
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957
Mailing ListPatch
https://source.android.com/security/bulletin/2024-07-01
Not Applicable