CVE-2024-43077
Published: 03 January 2025
Summary
CVE-2024-43077 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Google Android. Its CVSS base score is 7.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its exploit-likelihood ranking sits at the 10.1 percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation); of the two, only SI-2 (applying the bulletin patch) removes the bug, while SI-16 raises the cost of exploiting it.
Deeper analysis
CVE-2024-43077 is a memory corruption vulnerability in the DevmemValidateFlags function of devicemem_server.c, a source file in the kernel-side (server) part of the PowerVR GPU driver, which can result in an out-of-bounds write into kernel memory. It affects Android devices that ship the vulnerable driver build, as listed in the associated Android security bulletin.
A local attacker with low privileges (PR:L) can exploit this vulnerability without requiring user interaction or additional execution privileges. Successful exploitation enables local escalation of privilege, with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The root cause is classified under CWE-787 (Out-of-bounds Write).
Mitigation details, including available patches, are provided in the Android security bulletin at https://source.android.com/security/bulletin/2024-12-01.
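The practical check that follows from the bulletin reference above, added here as an example and not taken from the bulletin or the page: compare the security patch level the device reports (ro.build.version.security_patch) with the patch-level date the bulletin assigns to this fix. The bulletin itself states which level (2024-12-01 or 2024-12-05) carries this CVE's fix, so the required level is passed in as an argument rather than assumed.

```shell
#!/bin/sh
# Added example (not from the bulletin or the page): decide whether an Android
# device's security patch level is at or after the level that carries a fix.
# Patch levels are ISO dates (YYYY-MM-DD); removing the dashes turns them into
# integers that compare in date order.

patch_level_covers() {
    device_level="$1"    # value of ro.build.version.security_patch, e.g. 2024-12-05
    required_level="$2"  # patch level string the bulletin assigns to the CVE

    # Reject anything that is not YYYY-MM-DD before comparing (e.g. an empty
    # string from a failed adb call, or a vendor property with a different format).
    for lvl in "$device_level" "$required_level"; do
        case "$lvl" in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) echo "unrecognised patch level: '$lvl'" >&2; return 2 ;;
        esac
    done

    dev_num=$(printf '%s' "$device_level" | sed 's/-//g')
    req_num=$(printf '%s' "$required_level" | sed 's/-//g')

    if [ "$dev_num" -ge "$req_num" ]; then
        echo "patched"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# Typical use against a connected device. The tr strips the CR that adb shell
# appends on some hosts; the level to require is the one the bulletin lists for
# this CVE (assumed 2024-12-05 in this comment, check the bulletin entry).
#   patch_level_covers "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')" 2024-12-05
```

The check is deliberately a "greater or equal" on the date rather than an equality test, because a device on a later monthly level still carries this fix. A device with a level before the required date is reported as vulnerable even if the OEM backported the driver fix separately; confirming that case needs the OEM's own advisory.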
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-40709
Vulnerability details
In DevmemValidateFlags of devicemem_server.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1068 Exploitation for Privilege Escalation
Why these techniques?
An out-of-bounds write in kernel-side driver code that a low-privileged local process can reach is the primitive an attacker uses to corrupt kernel memory and escalate privilege on the device, which is exactly what T1068 describes.
Mitigating Controls (NIST 800-53 r5)
SI-16 (Memory Protection) covers the platform hardening that raises the cost of exploiting an out-of-bounds write: non-executable memory, ASLR/KASLR, and related kernel mitigations such as control-flow integrity where the device's kernel enables them. These controls do not remove the bug in DevmemValidateFlags; they make a reliable exploit harder to build, and a corrupting write in kernel memory can still crash the device or be chained past them.
SI-2 (Flaw Remediation) is the control that actually fixes the issue: apply the update from the Android security bulletin and verify that the device's security patch level meets the level the bulletin assigns to this CVE.
AC-6 (Least Privilege) limits which local code can reach the vulnerable driver path in the first place. On Android that means SELinux policy and device-node permissions restricting which processes may open the GPU device; a process that cannot open it cannot trigger the bug, and a compromised process that can is still confined in what it reaches before the escalation succeeds.