Cyber Resilience

CVE-2024-56191

High

Published: 10 March 2025

Modified: 27 June 2025
KEV Added
Patch
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-56191 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Google Android. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 6.5th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-56191 is an integer overflow vulnerability in the `dhd_process_full_gscan_result` function within `dhd_pno.c`, part of the Broadcom Wi-Fi driver implementation in Android. This flaw enables a potential escalation of privilege (EoP) and affects Pixel Watch devices, as detailed in the Android security bulletin for March 2025.

A local attacker can exploit this vulnerability without additional execution privileges (PR:N), user interaction (UI:N), or complex setup (AC:L). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) and lets the attacker elevate privileges locally on the affected device. The CVSS v3.1 base score is 8.4.

The Android Security Bulletin for Pixel Watch, dated 2025-03-01 and available at https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01, addresses this issue with patches. Security practitioners should apply the recommended updates to mitigate the risk of local privilege escalation.

EU & UK References

Vulnerability details

In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

An integer overflow in the Broadcom Wi-Fi driver enables local privilege escalation on an Android device without additional privileges or user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-56192 (Same product: Google Android)
CVE-2024-40672 (Same product: Google Android)
CVE-2025-48602 (Same product: Google Android)
CVE-2026-0124 (Same product: Google Android)
CVE-2024-49738 (Same product: Google Android)
CVE-2024-40651 (Same product: Google Android)
CVE-2026-0023 (Same product: Google Android)
CVE-2025-48574 (Same product: Google Android)
CVE-2025-48647 (Same product: Google Android)
CVE-2025-48646 (Same product: Google Android)

Affected Assets

google android, all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly mitigates the integer overflow vulnerability by requiring timely application of vendor patches as specified in the Android security bulletin for Pixel Watch.

prevent: Requires validation of inputs to the dhd_process_full_gscan_result function in the Wi-Fi driver to prevent integer overflows from malformed gscan results.

prevent: Provides memory protection mechanisms such as ASLR and stack canaries to hinder local privilege escalation even if the integer overflow occurs.

References