Cyber Resilience

CVE-2024-43768

High

Published: 03 January 2025

Published
03 January 2025
Modified
21 April 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 35.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-43768 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 35.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-43768 is a vulnerability in the Skia graphics library, manifesting as an out-of-bounds write due to an integer overflow in the skia_alloc_func within SkDeflate.cpp. This issue affects the Android platform, specifically the external/skia component.

A local attacker with low privileges can exploit this vulnerability to achieve escalation of privilege, requiring no additional execution privileges or user interaction. The CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects its high impact potential on confidentiality, integrity, and availability for local users with straightforward exploitation conditions.

The Android Security Bulletin for December 2024 details the vulnerability and provides patches. A fix is implemented in commit b5543cb8c6b95623743016055220378efe73eb93 in the Android external Skia repository.

EU & UK References

Vulnerability details

In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local memory corruption vulnerability (OOB write) directly enables exploitation for privilege escalation from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-49745Same product: Google Android
CVE-2024-53837Same product: Google Android
CVE-2024-53838Same product: Google Android
CVE-2026-0124Same product: Google Android
CVE-2024-49738Same product: Google Android
CVE-2026-0037Same product: Google Android
CVE-2026-0117Same product: Google Android
CVE-2026-0123Same product: Google Android
CVE-2024-43077Same product: Google Android
CVE-2026-0010Same product: Google Android

Affected Assets

google
android
12.0, 12.1, 13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates identification, reporting, prioritization, and timely remediation of flaws like the integer overflow in Skia_alloc_func, eliminating the vulnerability to prevent local privilege escalation.

prevent

Implements memory protection mechanisms such as address space layout randomization and data execution prevention that mitigate out-of-bounds writes from integer overflows, blocking exploitation for privilege escalation.

prevent

Requires validation of information inputs to graphics library functions like SkDeflate, addressing potential integer overflows triggered by malformed deflate data inputs.

References