Details of VAR-202503-0619

ID

VAR-202503-0619

CVE

CVE-2024-56191

TITLE

Google of Android Improper Permission Preservation Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-025637

DESCRIPTION

In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android contains an improper permissions retention vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel Watch is a durable smartwatch from Google

Trust: 2.16

sources: NVD: CVE-2024-56191 // JVNDB: JVNDB-2024-025637 // CNVD: CNVD-2025-05391

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-05391

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	-	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel watch	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-05391 // JVNDB: JVNDB-2024-025637 // NVD: CVE-2024-56191

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-56191
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-025637
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-05391
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-05391
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-56191
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-025637
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-05391 // JVNDB: JVNDB-2024-025637 // NVD: CVE-2024-56191

PROBLEMTYPE DATA

problemtype:	CWE-281	Trust: 1.0
problemtype:	Improper retention of permissions (CWE-281) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-025637 // NVD: CVE-2024-56191

PATCH

title:

Patch for Google Pixel Watch Integer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/669581

Trust: 0.6

sources: CNVD: CNVD-2025-05391

EXTERNAL IDS

db:	NVD	id:	CVE-2024-56191	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-025637	Trust: 0.8
db:	CNVD	id:	CNVD-2025-05391	Trust: 0.6

sources: CNVD: CNVD-2025-05391 // JVNDB: JVNDB-2024-025637 // NVD: CVE-2024-56191

REFERENCES

url:	https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-56191	Trust: 1.4

sources: CNVD: CNVD-2025-05391 // JVNDB: JVNDB-2024-025637 // NVD: CVE-2024-56191

SOURCES

db:	CNVD	id:	CNVD-2025-05391
db:	JVNDB	id:	JVNDB-2024-025637
db:	NVD	id:	CVE-2024-56191

LAST UPDATE DATE

2025-07-04T23:33:22.614000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-05391	date:	2025-03-19T00:00:00
db:	JVNDB	id:	JVNDB-2024-025637	date:	2025-07-02T07:23:00
db:	NVD	id:	CVE-2024-56191	date:	2025-06-27T16:12:14.970

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-05391	date:	2025-03-19T00:00:00
db:	JVNDB	id:	JVNDB-2024-025637	date:	2025-07-02T00:00:00
db:	NVD	id:	CVE-2024-56191	date:	2025-03-10T21:15:39.880