OpenCVE

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:12.1:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*

No data.

References

Link	Providers
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3
https://source.android.com/security/bulletin/2024-03-01

History

Tue, 26 Nov 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android
Weaknesses		CWE-787
CPEs		cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:12.1:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:o:google:android:14.0:::::::*
Vendors & Products		Google Google android
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2024-03-11T16:35:21.612Z

Updated: 2024-08-01T17:41:15.869Z

Reserved: 2023-11-16T22:59:18.600Z

Link: CVE-2024-0039

Vulnrichment

Updated: 2024-08-01T17:41:15.869Z

NVD

Status : Analyzed

Published: 2024-03-11T17:15:45.350

Modified: 2024-11-26T14:26:56.233

Link: CVE-2024-0039

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0039", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "state": "PUBLISHED", "assignerShortName": "google_android", "dateReserved": "2023-11-16T22:59:18.600Z", "datePublished": "2024-03-11T16:35:21.612Z", "dateUpdated": "2024-08-01T17:41:15.869Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2024-03-11T16:35:21.612Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Remote code execution"}]}], "affected": [{"vendor": "Google", "product": "Android", "versions": [{"version": "14", "status": "affected"}, {"version": "13", "status": "affected"}, {"version": "12L", "status": "affected"}, {"version": "12", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}], "references": [{"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8"}, {"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3"}, {"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9"}, {"url": "https://source.android.com/security/bulletin/2024-03-01"}]}, "adp": [{"affected": [{"vendor": "google", "product": "android", "cpes": ["cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "12.0", "status": "affected"}]}, {"vendor": "google", "product": "android", "cpes": ["cpe:2.3:o:google:android:12l:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "12l", "status": "affected"}]}, {"vendor": "google", "product": "android", "cpes": ["cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "13.0", "status": "affected"}]}, {"vendor": "google", "product": "android", "cpes": ["cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "14.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-11T17:35:33.507699Z", "id": "CVE-2024-0039", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T13:45:32.076Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:41:15.869Z"}, "title": "CVE Program Container", "references": [{"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8", "tags": ["x_transferred"]}, {"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3", "tags": ["x_transferred"]}, {"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9", "tags": ["x_transferred"]}, {"url": "https://source.android.com/security/bulletin/2024-03-01", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8", "tags": ["x_transferred"]}, {"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3", "tags": ["x_transferred"]}, {"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9", "tags": ["x_transferred"]}, {"url": "https://source.android.com/security/bulletin/2024-03-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:41:15.869Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0039", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-11T17:35:33.507699Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "12.0"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:google:android:12l:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "12l"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "13.0"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "14.0"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T13:45:18.710Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "14"}, {"status": "affected", "version": "13"}, {"status": "affected", "version": "12L"}, {"status": "affected", "version": "12"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8"}, {"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3"}, {"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9"}, {"url": "https://source.android.com/security/bulletin/2024-03-01"}], "descriptions": [{"lang": "en", "value": "In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Remote code execution"}]}], "providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2024-03-11T16:35:21.612Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0039", "state": "PUBLISHED", "dateUpdated": "2024-08-01T17:41:15.869Z", "dateReserved": "2023-11-16T22:59:18.600Z", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "datePublished": "2024-03-11T16:35:21.612Z", "assignerShortName": "google_android"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En attp_build_value_cmd de att_protocol.cc, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."}], "id": "CVE-2024-0039", "lastModified": "2024-11-26T14:26:56.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-11T17:15:45.350", "references": [{"source": "security@android.com", "tags": ["Patch"], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9"}, {"source": "security@android.com", "tags": ["Patch"], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8"}, {"source": "security@android.com", "tags": ["Patch"], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3"}, {"source": "security@android.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2024-03-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2024-03-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}