CVE-2024-32899
13.06.2024, 21:15
In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.
| Vendor | Product | Version |
|---|---|---|
| android | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.