Details of VAR-202404-2956

ID

VAR-202404-2956

CVE

CVE-2024-29741

TITLE

Google of Android Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2024-025131

DESCRIPTION

In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States

Trust: 2.16

sources: NVD: CVE-2024-29741 // JVNDB: JVNDB-2024-025131 // CNVD: CNVD-2025-09217

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-09217

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	-	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-09217 // JVNDB: JVNDB-2024-025131 // NVD: CVE-2024-29741

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-29741
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-025131
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-09217
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-09217
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-29741
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-025131
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-09217 // JVNDB: JVNDB-2024-025131 // NVD: CVE-2024-29741

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-025131 // NVD: CVE-2024-29741

PATCH

title:

Patch for Google Pixel Local Privilege Escalation Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/686336

Trust: 0.6

sources: CNVD: CNVD-2025-09217

EXTERNAL IDS

db:	NVD	id:	CVE-2024-29741	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-025131	Trust: 0.8
db:	CNVD	id:	CNVD-2025-09217	Trust: 0.6

sources: CNVD: CNVD-2025-09217 // JVNDB: JVNDB-2024-025131 // NVD: CVE-2024-29741

REFERENCES

url:	https://source.android.com/security/bulletin/pixel/2024-04-01	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-29741	Trust: 1.4

sources: CNVD: CNVD-2025-09217 // JVNDB: JVNDB-2024-025131 // NVD: CVE-2024-29741

SOURCES

db:	CNVD	id:	CNVD-2025-09217
db:	JVNDB	id:	JVNDB-2024-025131
db:	NVD	id:	CVE-2024-29741

LAST UPDATE DATE

2025-06-20T23:08:28.892000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-09217	date:	2025-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2024-025131	date:	2025-06-18T01:31:00
db:	NVD	id:	CVE-2024-29741	date:	2025-06-17T20:45:58.880

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-09217	date:	2025-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2024-025131	date:	2025-06-18T00:00:00
db:	NVD	id:	CVE-2024-29741	date:	2024-04-05T20:15:08.060