CVE-2024-0030
Medium
Published: 16 February 2024
Published
16 February 2024
Modified
16 December 2024
KEV Added
—
Patch
01 February 2024
CVSS Score v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.0151
81.6th percentile
Risk Priority
12
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-0030 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Google Android. Its CVSS base score is 5.5 (Medium).
Operationally, ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-15833
Vulnerability details
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
google
android
11.0, 12.0, 12.1, 13.0, 14.0
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.