How severe is CVE-2024-29745?

CVE-2024-29745 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2024-29745

Name: android
Author: google

5.5MEDIUM

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for

发布于: 4/5/2024更新于: 10/24/2025

CISA已知被利用漏洞

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

所需操作:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

截止日期:

2024-04-25

描述

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

AI分析AI驱动

受影响产品

googleandroid

参考资料

https://source.android.com/security/bulletin/pixel/2024-04-01
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2024-04-01
Vendor Advisory
https://twitter.com/GrapheneOS/status/1775306481622995226
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29745
US Government Resource