Cyber Posture

CVE-2024-56191

High

Published: 10 March 2025

Published
10 March 2025
Modified
27 June 2025
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56191 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Google Android. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the integer overflow vulnerability by requiring timely application of vendor patches as specified in the Android security bulletin for Pixel Watch.

SI-10 Information Input Validation partial match
prevent

Requires validation of inputs to the dhd_process_full_gscan_result function in the Wi-Fi driver to prevent integer overflows from malformed gscan results.

SI-16 Memory Protection partial match
prevent

Provides memory protection mechanisms such as ASLR and stack canaries to hinder local privilege escalation even if the integer overflow occurs.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Integer overflow in Broadcom Wi-Fi driver enables local privilege escalation on Android device without additional privileges or user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Deeper analysisAI

CVE-2024-56191 is an integer overflow vulnerability in the `dhd_process_full_gscan_result` function within `dhd_pno.c`, part of the Broadcom Wi-Fi driver implementation in Android. This flaw enables a potential escalation of privilege (EoP) and affects Pixel Watch devices, as detailed in the Android security bulletin for March 2025.

A local attacker can exploit this vulnerability without requiring additional execution privileges (PR:N), user interaction (UI:N), or complex setup (AC:L). Successful exploitation grants high-impact confidentiality, integrity, and availability effects (C:H/I:H/A:H), allowing the attacker to elevate privileges locally on the affected device, with a CVSS v3.1 base score of 8.4.

The Android Security Bulletin for Pixel Watch, dated 2025-03-01 and available at https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01, addresses this issue with patches. Security practitioners should apply the recommended updates to mitigate the risk of local privilege escalation.

Details

CWE(s)
CWE-281

Affected Products

google
android
all versions

CVEs Like This One

CVE-2024-56192Same product: Google Android
CVE-2025-48574Same product: Google Android
CVE-2025-36920Same product: Google Android
CVE-2026-0011Same product: Google Android
CVE-2026-0020Same product: Google Android
CVE-2026-0117Same product: Google Android
CVE-2024-53833Same product: Google Android
CVE-2026-0010Same product: Google Android
CVE-2026-0037Same product: Google Android
CVE-2025-48577Same product: Google Android

References