Vulnerabilites related to google - pixel
CVE-2023-4164 (GCVE-0-2023-4164)
Vulnerability from cvelistv5
Published
2024-01-02 21:20
Modified
2024-09-06 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pixel Watch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:google:pixel_watch:10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pixel_watch",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T19:31:26.198837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:52:41.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Pixel Watch",
"vendor": "Google",
"versions": [
{
"status": "unknown",
"version": "v10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a possible information\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edisclosure due to a missing permission check. This could lead to local\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003einformation disclosure of health data with no additional execution\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;privileges needed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is a possible information\u00a0disclosure due to a missing permission check. This could lead to local\u00a0information disclosure of health data with no additional execution\u00a0privileges needed.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-02T21:20:15.891Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "There is a possible information disclosure due to a missing permission check in Pixel Watch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2023-4164",
"datePublished": "2024-01-02T21:20:15.891Z",
"dateReserved": "2023-08-04T20:20:39.581Z",
"dateUpdated": "2024-09-06T17:52:41.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29748 (GCVE-0-2024-29748)
Vulnerability from cvelistv5
Published
2024-04-05 20:02
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "2024-04-05_patch",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:google:pixel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pixel",
"vendor": "google",
"versions": [
{
"lessThan": "*",
"status": "unknown",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29748",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T16:18:07.255435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-04-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29748"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:05.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://twitter.com/GrapheneOS/status/1775308208472813609"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-04T00:00:00+00:00",
"value": "CVE-2024-29748 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:02:16.425Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-29748",
"datePublished": "2024-04-05T20:02:16.425Z",
"dateReserved": "2024-03-19T15:05:26.954Z",
"dateUpdated": "2025-07-30T01:37:05.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47020 (GCVE-0-2024-47020)
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-28 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T17:20:32.373490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:19:11.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-47020",
"datePublished": "2024-10-25T10:34:05.317Z",
"dateReserved": "2024-09-16T18:51:44.743Z",
"dateUpdated": "2024-10-28T20:19:11.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5346 (GCVE-0-2016-5346)
Vulnerability from cvelistv5
Published
2020-01-08 18:39
Modified
2024-08-06 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:58.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97371"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038201"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-04-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T18:39:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/97371"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1038201"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2017-04-01.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/97371",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/97371"
},
{
"name": "http://www.securitytracker.com/id/1038201",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1038201"
},
{
"name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"
},
{
"name": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346",
"refsource": "MISC",
"url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"
},
{
"name": "https://source.android.com/security/bulletin/2017-04-01.html",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2017-04-01.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5346",
"datePublished": "2020-01-08T18:39:45",
"dateReserved": "2016-06-09T00:00:00",
"dateUpdated": "2024-08-06T01:00:58.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44100 (GCVE-0-2024-44100)
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-25 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "android_kernel"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:43:22.487800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:46:51.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-44100",
"datePublished": "2024-10-25T10:34:03.553Z",
"dateReserved": "2024-08-19T16:32:38.651Z",
"dateUpdated": "2024-10-25T18:46:51.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15361 (GCVE-0-2017-15361)
Vulnerability from cvelistv5
Published
2017-10-16 17:00
Modified
2024-08-05 19:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://keychest.net/roca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-14T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://keychest.net/roca"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
"refsource": "MISC",
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"name": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/",
"refsource": "MISC",
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"name": "https://blog.cr.yp.to/20171105-infineon.html",
"refsource": "MISC",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"name": "https://monitor.certipath.com/rsatest",
"refsource": "MISC",
"url": "https://monitor.certipath.com/rsatest"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"name": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
"refsource": "MISC",
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"name": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/",
"refsource": "MISC",
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"name": "http://support.lenovo.com/us/en/product_security/LEN-15552",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171024-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"name": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM",
"refsource": "MISC",
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"name": "https://github.com/crocs-muni/roca",
"refsource": "MISC",
"url": "https://github.com/crocs-muni/roca"
},
{
"name": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
"refsource": "MISC",
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2017-01/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101484"
},
{
"name": "https://keychest.net/roca",
"refsource": "MISC",
"url": "https://keychest.net/roca"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15361",
"datePublished": "2017-10-16T17:00:00",
"dateReserved": "2017-10-15T00:00:00",
"dateUpdated": "2024-08-05T19:57:25.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47022 (GCVE-0-2024-47022)
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-28 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:google:pixel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pixel",
"vendor": "google",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T17:19:59.091043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:17:19.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-47022",
"datePublished": "2024-10-25T10:34:05.677Z",
"dateReserved": "2024-09-16T19:14:14.859Z",
"dateUpdated": "2024-10-28T20:17:19.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-04-05 20:15
Modified
2024-11-29 16:39
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-04-01 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://source.android.com/security/bulletin/pixel/2024-04-01 | Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://twitter.com/GrapheneOS/status/1775308208472813609 | Broken Link, Third Party Advisory |
{
"cisaActionDue": "2024-04-25",
"cisaExploitAdd": "2024-04-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Android Pixel Privilege Escalation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBAE50F-4C4C-4B51-90A9-E2228D211DC5",
"versionEndExcluding": "2024-04-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": "Existe una posible forma de omitirlo debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"id": "CVE-2024-29748",
"lastModified": "2024-11-29T16:39:20.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-05T20:15:08.407",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://twitter.com/GrapheneOS/status/1775308208472813609"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-280"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 13:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente del m\u00f3dem, A-299774545."
}
],
"id": "CVE-2024-44100",
"lastModified": "2024-10-28T13:50:50.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.293",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 21:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente ACPM, A-331255656."
}
],
"id": "CVE-2024-47022",
"lastModified": "2024-10-28T21:35:18.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.950",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-16 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://support.lenovo.com/us/en/product_security/LEN-15552 | Mitigation, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/101484 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://blog.cr.yp.to/20171105-infineon.html | ||
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf | ||
| cve@mitre.org | https://crocs.fi.muni.cz/public/papers/rsa_ccs17 | Issue Tracking, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/crocs-muni/roca | Mitigation, Third Party Advisory | |
| cve@mitre.org | https://github.com/iadgov/Detect-CVE-2017-15361-TPM | Mitigation, Third Party Advisory | |
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 | ||
| cve@mitre.org | https://keychest.net/roca | Issue Tracking, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://monitor.certipath.com/rsatest | Mitigation, Third Party Advisory | |
| cve@mitre.org | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20171024-0001/ | ||
| cve@mitre.org | https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update | Issue Tracking, Mitigation, Patch, Third Party Advisory | |
| cve@mitre.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us | ||
| cve@mitre.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us | ||
| cve@mitre.org | https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html | ||
| cve@mitre.org | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html | ||
| cve@mitre.org | https://www.kb.cert.org/vuls/id/307015 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.yubico.com/support/security-advisories/ysa-2017-01/ | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.lenovo.com/us/en/product_security/LEN-15552 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101484 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.cr.yp.to/20171105-infineon.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crocs.fi.muni.cz/public/papers/rsa_ccs17 | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/crocs-muni/roca | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/iadgov/Detect-CVE-2017-15361-TPM | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://keychest.net/roca | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://monitor.certipath.com/rsatest | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20171024-0001/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update | Issue Tracking, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/307015 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.yubico.com/support/security-advisories/ysa-2017-01/ | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| infineon | trusted_platform_firmware | 4.31 | |
| infineon | trusted_platform_firmware | 4.32 | |
| infineon | trusted_platform_firmware | 6.40 | |
| infineon | trusted_platform_firmware | 133.32 | |
| acer | c720_chromebook | - | |
| acer | chromebase | - | |
| acer | chromebase_24 | - | |
| acer | chromebook_11_c730 | - | |
| acer | chromebook_11_c730e | - | |
| acer | chromebook_11_c735 | - | |
| acer | chromebook_11_c740 | - | |
| acer | chromebook_11_c771 | - | |
| acer | chromebook_11_c771t | - | |
| acer | chromebook_11_n7_c731 | - | |
| acer | chromebook_13_cb5-311 | - | |
| acer | chromebook_14_cb3-431 | - | |
| acer | chromebook_14_for_work_cp5-471 | - | |
| acer | chromebook_15_cb3-531 | - | |
| acer | chromebook_15_cb3-532 | - | |
| acer | chromebook_15_cb5-571 | - | |
| acer | chromebook_r11 | - | |
| acer | chromebook_r13_cb5-312t | - | |
| acer | chromebox | - | |
| acer | chromebox_cxi2 | - | |
| aopen | chromebase | - | |
| aopen | chromebase | - | |
| aopen | chromebox | - | |
| aopen | chromeboxi | - | |
| asi | chromebook | - | |
| asus | chromebit_cs10 | - | |
| asus | chromebook_c200 | - | |
| asus | chromebook_c201pa | - | |
| asus | chromebook_c202sa | - | |
| asus | chromebook_c300 | - | |
| asus | chromebook_c300sa | - | |
| asus | chromebook_c301sa | - | |
| asus | chromebook_flip_c100pa | - | |
| asus | chromebook_flip_c302 | - | |
| asus | chromebox_cn60 | - | |
| asus | chromebox_cn62 | - | |
| bobicus | chromebook_11 | * | |
| ctl | j2_chromebook | - | |
| ctl | j4_chromebook | - | |
| ctl | j5_chromebook | - | |
| ctl | n6_chromebook | - | |
| ctl | nl61_chromebook | - | |
| dell | chromebook_11 | - | |
| dell | chromebook_11_3120 | - | |
| dell | chromebook_11_3189 | - | |
| dell | chromebook_11_model_3180 | - | |
| dell | chromebook_13_3380 | - | |
| dell | chromebox | - | |
| edugear | chromebook_k | - | |
| edugear | chromebook_m | - | |
| edugear | chromebook_r | - | |
| edugear | cmt_chromebook | - | |
| edxis | chromebook | - | |
| edxis | education_chromebook | - | |
| epik | chromebook_elb1101 | - | |
| pixel | - | ||
| haier | chromebook_11 | - | |
| haier | chromebook_11_c | - | |
| haier | chromebook_11_g2 | - | |
| haier | chromebook_11e | - | |
| hexa | chromebook_pi | - | |
| hisense | chromebook_11 | - | |
| hp | chromebook | - | |
| hp | chromebook_11-vxxx | - | |
| hp | chromebook_11_1100-1199 | - | |
| hp | chromebook_11_2000-2099 | - | |
| hp | chromebook_11_2100-2199 | - | |
| hp | chromebook_11_2200-2299 | - | |
| hp | chromebook_11_g1 | - | |
| hp | chromebook_11_g2 | - | |
| hp | chromebook_11_g3 | - | |
| hp | chromebook_11_g4\/g4_ee | - | |
| hp | chromebook_11_g5 | - | |
| hp | chromebook_11_g5_ee | - | |
| hp | chromebook_13_g1 | - | |
| hp | chromebook_14 | - | |
| hp | chromebook_14_ak000-099 | - | |
| hp | chromebook_14_g3 | - | |
| hp | chromebook_14_g4 | - | |
| hp | chromebook_14_x000-x999 | - | |
| hp | chromebox_cb1-\(000-099\) | - | |
| hp | chromebox_g1 | - | |
| lenovo | 100s_chromebook | - | |
| lenovo | n20_chromebook | - | |
| lenovo | n21_chromebook | - | |
| lenovo | n22_chromebook | - | |
| lenovo | n23_chromebook | - | |
| lenovo | n23_flex_11_chromebook | - | |
| lenovo | n23_yoga_11_chromebook | - | |
| lenovo | n42_chromebook | - | |
| lenovo | thinkcentre_chromebox | - | |
| lenovo | thinkpad_11e_chromebook | - | |
| lenovo | thinkpad_13_chromebook | - | |
| lg | chromebase_22cb25s | - | |
| lg | chromebase_22cv241 | - | |
| medion | akoya_s2013 | - | |
| medion | chromebook_s2015 | - | |
| mercer | chromebook | - | |
| mercer | v2_chromebook | - | |
| ncomputing | chromebook_cx100 | - | |
| nexian | chromebook | - | |
| pcmerge | chromebook_pcm-116t-432b | - | |
| poin2 | chromebook_11 | - | |
| poin2 | chromebook_14 | - | |
| positivo | chromebook_ch1190 | - | |
| prowise | entry_line_chromebook | - | |
| prowise | proline_chromebook | - | |
| rgs | education_chromebook | - | |
| samsung | chromebook_2_11 | - | |
| samsung | chromebook_2_11_xe500c12 | - | |
| samsung | chromebook_2_13 | - | |
| samsung | chromebook_3 | - | |
| samsung | chromebook_plus | - | |
| samsung | chromebook_pro | - | |
| sector-five | e1_rugged_chromebook | - | |
| senkatel | c1101_chromebook | - | |
| toshiba | chromebook | - | |
| toshiba | chromebook_2 | - | |
| toshiba | chromebook_2 | - | |
| true | idc_chromebook | - | |
| true | idc_chromebook_11 | - | |
| videonet | chromebook | - | |
| videonet | chromebook_bl10 | - | |
| viglen | chromebook_11 | - | |
| viglen | chromebook_360 | - | |
| xolo | chromebook | - | |
| infineon | rsa_library | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:infineon:trusted_platform_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6D825C88-A5D7-4C1F-B09B-FF63FCE1B5F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:infineon:trusted_platform_firmware:4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "5C08FA98-E0C2-4382-94BD-5C40DECD1DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:infineon:trusted_platform_firmware:6.40:*:*:*:*:*:*:*",
"matchCriteriaId": "D4751A17-AD4C-4F50-B0DD-4E02427BBA2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:infineon:trusted_platform_firmware:133.32:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8A144B-1859-4C49-8AC4-10EB0FD740F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:acer:c720_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "878D0151-EE41-4EF6-A424-DA855C18986A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebase:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57181990-1011-424B-8B0D-4FCBEE35E888",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebase_24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11A4C072-B9A0-47ED-8060-AA0159AF0020",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088996B8-E506-4A50-8EB0-5A1258D681AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c730e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B50E8CCB-3B69-42E4-8AEE-88D0D7B9EB2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F326698-B295-4807-A4B4-0BAA9B66589E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c740:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDAE0DD7-5608-4556-9978-EE7E01023DA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7D2911-0265-4B37-8CD8-42DCEC7EABDB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c771t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DD548B-AD54-4C47-9134-6B7A2398160B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_n7_c731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADB4F13-0684-424B-AA6B-8A7018777984",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_13_cb5-311:-:*:*:*:*:*:*:*",
"matchCriteriaId": "295D21FA-D8D2-4C19-A5B6-50D7281B2A59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_14_cb3-431:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08683AB6-D690-408C-A5C7-9EF32A40876D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47665085-66B9-4E11-9D20-3A5A73352D91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_15_cb3-531:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6973F7-0B85-4064-8879-543A243D8A8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_15_cb3-532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72BE3BCF-6FE8-46F1-B774-60916DE234CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_15_cb5-571:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0413E176-3B87-4333-A9FB-A0727015ACDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_r11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075859B8-D6BE-45BB-81A0-C89792743BB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A25AC3-0FB5-4F01-9865-0938E3976D96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D33132B-CC32-4640-8BF7-F8FCF80F6EC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebox_cxi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA85C38-CDBC-4163-8105-4E902ADD747A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:aopen:chromebase:-:*:commercial:*:*:*:*:*",
"matchCriteriaId": "A5821187-153C-48BD-802B-89FD159755D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:aopen:chromebase:-:*:mini:*:*:*:*:*",
"matchCriteriaId": "6D656A2B-6234-4BB2-A5CC-54B4EBA59FE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:aopen:chromebox:-:*:commercial:*:*:*:*:*",
"matchCriteriaId": "589B967C-3EF0-42DF-9FEF-C3411AC38B4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:aopen:chromeboxi:-:*:mini:*:*:*:*:*",
"matchCriteriaId": "3CB7F169-02A0-44B4-816B-0135DFD46905",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asi:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF33E72-2E47-4D41-9B05-8D13B26694F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebit_cs10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68B8BACC-0F84-41A6-BBE0-3987B1E56A8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "280E26E9-5075-469C-A1B1-0CC833B32520",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c201pa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85F1DF93-A998-4528-9C82-721D16698FA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c202sa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADFFC94-7F7A-40CF-817B-483BBDCCB66D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7EA3C8-8B68-4BE1-9C2D-FAFC4AF8EA7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c300sa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66CB44E8-A520-4291-9D48-5ED4BD2B9FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c301sa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6530E801-A924-4B0D-9602-92D320828C75",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_flip_c100pa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB4C201C-3C87-4FC6-A48E-1428EA481195",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_flip_c302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9716ED-3AEA-439B-9148-C66CC98D0D6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebox_cn60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE2D4E6-CD1A-4336-9C1A-7B8FA5377CB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebox_cn62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A308E84E-1044-41EC-A7A2-2A0E5A5DAD02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bobicus:chromebook_11:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEB2859-2C44-410C-85F9-B37339161245",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:j2_chromebook:-:*:*:*:*:education:*:*",
"matchCriteriaId": "48E098F9-7EFD-452B-9A9C-383039BF8150",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:j4_chromebook:-:*:*:*:*:education:*:*",
"matchCriteriaId": "51F47A6C-430C-4635-BF8F-E837F37673FD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:j5_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FBD6167-984D-492E-AA47-468678051CEC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:n6_chromebook:-:*:*:*:*:education:*:*",
"matchCriteriaId": "0E93EBE6-B016-42C1-A65A-4B14038DA0A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:nl61_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987CC19-4679-47A6-B2B9-8D0A9F804925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D5DB45-A37D-48BE-9F00-C2108D47A4D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_11_3120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F36AB1C2-6B81-49F7-998A-4E5A0692C161",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_11_3189:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F0D7C4-DB72-41CC-A163-BF9CA4315BCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_11_model_3180:-:*:*:*:*:*:*:*",
"matchCriteriaId": "187CCE09-CC6D-455A-96A7-91667C22FCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_13_3380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BE3D28-7E3F-419C-84E3-A29D858AADEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "455A3086-A52F-49DC-993F-E3FA17A3BE15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edugear:chromebook_k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8534D121-1A3A-42C1-BC0E-B37012A5F7C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edugear:chromebook_m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF753670-DD77-415D-BD4B-17D41F975A0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edugear:chromebook_r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0E191E-A0D9-4B8C-929B-012DF95A1FE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edugear:cmt_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE234602-9C70-425B-A677-382775EDC564",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edxis:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04C5FAF4-1B36-4379-A530-6AB0509E69DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edxis:education_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8676FD39-8386-42D7-B551-A794B83268D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:epik:chromebook_elb1101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B403CE-EDC1-426F-94A4-B19FAEEAC8EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:haier:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D228FA-C7BD-4FA9-9885-4E2331E81966",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:haier:chromebook_11_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2A4B85-5CA1-4D00-9F39-841FB6DE94EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:haier:chromebook_11_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8833B8E1-E49E-4DA9-988C-B0615468DDFF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:haier:chromebook_11e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAD51FB-53D2-44BA-8C0B-70305E5C264E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hexa:chromebook_pi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DA08F6-67F6-4577-8959-19290EF58553",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hisense:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29036285-F6EB-4BCA-A338-0266F10A4B13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook:-:*:*:*:*:meetings:*:*",
"matchCriteriaId": "106D11AE-4322-455C-B10E-FD4F2992B4DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11-vxxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE44E53F-383A-43E0-9B67-F736749764B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_1100-1199:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72E87B3E-5E9D-419F-BFF6-C550A26B9D31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_2000-2099:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E336A5-8C90-405B-846F-003856AF8336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_2100-2199:-:*:*:*:*:*:*:*",
"matchCriteriaId": "613BB633-7F07-4F3F-9327-B308E542FB6F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_2200-2299:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD37DD3-C729-4851-ACBE-D72848FDBAB5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F027B0-FC37-4F25-BAF2-78C8E695C9E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433AC4ED-752F-4B33-A294-CF2A82D8C12C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC8BDF0-F181-491D-88E7-8DD1FB5DC217",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g4\\/g4_ee:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A50F3009-FD55-454D-8BBB-C8CC7B692092",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A8ECDE-FA43-42C8-A866-24909A2ACA1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g5_ee:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C827F6-3C93-48DB-B8EE-4C8B715CC66C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_13_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC73A69B-777B-498E-B7C9-2D98D26E4864",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB89A0E-A308-4FAC-8FF6-83B3A932D549",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14_ak000-099:-:*:*:*:*:*:*:*",
"matchCriteriaId": "808093B3-07B4-48DE-9784-0ABA100187F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB8B82E0-BE77-4A6F-B867-AE51E775146D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F00BDBE-F0D2-4B8C-BD8E-C1E52CBE216E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14_x000-x999:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4233E3FD-B9A5-43BF-9C7F-80BF7446CD5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebox_cb1-\\(000-099\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4DB5A7A-310D-442F-BE25-41A573EC8341",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebox_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71390570-8953-493B-9EF7-78D4A9AD0156",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:100s_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DD500A-CF2D-491A-AD2E-6201899840AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n20_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17AAE58-B621-4737-8045-4ACD5FCB1090",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n21_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86B3EEBB-44DC-4923-AABB-FF3633C570BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n22_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC42851D-E264-40C4-B44C-3CF3AAB3AE41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n23_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED745A48-294A-4FB7-A845-8B99D3848F54",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59891EF1-7733-4E02-A3D7-F48ECECACF6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "612C3ED3-1A90-4E35-A69A-87336107D2FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n42_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6E4D71-085F-4CF0-A95C-F6A139A7BDD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_chromebox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5580DCA1-A57C-4A49-99C7-4C31910E8C66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CAE0B2B-A078-4E08-BD4D-2E27E72061B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B481236-6FD6-47CC-925A-1580894DED37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lg:chromebase_22cb25s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE1EB6A-BCE0-443B-843C-83A4A74480FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lg:chromebase_22cv241:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE08B38-D2E4-46FF-BDBF-101516B7F760",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:medion:akoya_s2013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F934EA3-1BEB-4E0F-88BA-2A8519891D1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:medion:chromebook_s2015:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9737D5FA-076F-45CF-BE72-4AC92A16ACE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mercer:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51F7E626-C417-4164-93E8-86FF2CA81210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mercer:v2_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35C6DD3A-6622-41B3-B716-9020DE5674A8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ncomputing:chromebook_cx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D02136-E17B-4D4F-9773-14B0E3CF674A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nexian:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "993BF4EC-0564-47D8-A920-37D4D2FF1F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E3E313-4177-4791-A405-36A9E20023E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:poin2:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1EABBA-125A-48D2-A851-CAF5AEB3FF0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:poin2:chromebook_14:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92963A3-720A-495E-8EEF-D96B782CF4F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:positivo:chromebook_ch1190:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E62BD4DE-D78E-4C70-A54C-7655E1418073",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:prowise:entry_line_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5803975-6443-49F0-B2E2-2CE362F15B0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:prowise:proline_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5510D58D-A29E-426B-98B8-D3FF0DF05728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:rgs:education_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29D3147-8560-4380-8940-AC2B1CE76B95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_2_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4116587-2E83-4ABA-8B9A-E0A80C3B6A1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "813366C6-684F-4A0E-BCDE-C8A4A389B905",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_2_13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F0A50F-4D99-434E-B198-3AE48B5E7413",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9246074B-C1F2-494D-B4BB-0F7BB3CAF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF56D6E5-4F7B-45E4-A35A-0AD13B045580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "881D9BFA-8ACA-4188-A72A-BE48AFEED4F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sector-five:e1_rugged_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E9041D-FA9A-4FDF-B5CF-DC479FA982A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:senkatel:c1101_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E5D8DD-4BC2-4E5A-854F-E24AE48B1FE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:toshiba:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7535529-897C-4D66-87FF-638DA60D7E3D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:toshiba:chromebook_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42996DF5-8D88-4D65-827E-59AC8FAE90EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:toshiba:chromebook_2:-:*:2015:*:*:*:*:*",
"matchCriteriaId": "BA9D7740-2232-4ACC-861F-58CD3F4ABCDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:true:idc_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF68C69-3504-4209-BE16-33F7537C7D1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:true:idc_chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEFDE24-B175-4DA2-AD5A-37F42DF3AF8A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:videonet:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2C8ABD-12F1-4710-B6D6-DF8ADCC37CED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:videonet:chromebook_bl10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAB3D5B-99CF-48C8-A543-2672AEAB1362",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:viglen:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D42B185-D644-4149-8616-DC292A8D3AF2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:viglen:chromebook_360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75761B52-09E9-4B04-8E6A-0928439E429C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:xolo:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65407B5D-E6DD-4994-813C-BD5543111FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43DDE644-1B5C-4B9E-9E91-1F9F2A1185D4",
"versionEndIncluding": "1.02.013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
},
{
"lang": "es",
"value": "La librer\u00c3\u00ada Infineon RSA 1.02.013 en firmware Infineon Trusted Platform Module (TPM) como las versiones anteriores a la 0000000000000422 - 4.34, anteriores a la 000000000000062b - 6.43 y anteriores a la 0000000000008521 - 133.33, gestiona de manera incorrecta la generaci\u00c3\u00b3n de claves RSA, lo que hace que sea m\u00c3\u00a1s f\u00c3\u00a1cil para los atacantes superar varios mecanismos de protecci\u00c3\u00b3n criptogr\u00c3\u00a1fica mediante ataques dirigidos, conocido como ROCA. Ejemplos de las tecnolog\u00c3\u00adas afectadas son BitLocker con TPM 1.2, la generaci\u00c3\u00b3n de claves PGP con YubiKey 4 (en versiones anteriores a la 4.3.5) y la caracter\u00c3\u00adstica de cifrado Cached User Data en Chrome OS."
}
],
"id": "CVE-2017-15361",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-16T17:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"source": "cve@mitre.org",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://keychest.net/roca"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"source": "cve@mitre.org",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://keychest.net/roca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 21:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente ABL, A-331966488."
}
],
"id": "CVE-2024-47020",
"lastModified": "2024-10-28T21:35:17.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.843",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-02 22:15
Modified
2024-11-21 08:34
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a possible information\u00a0disclosure due to a missing permission check. This could lead to local\u00a0information disclosure of health data with no additional execution\u00a0privileges needed.\n"
},
{
"lang": "es",
"value": "Existe una posible divulgaci\u00f3n de informaci\u00f3n debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local de datos de salud sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"id": "CVE-2023-4164",
"lastModified": "2024-11-21T08:34:31.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "dsap-vuln-management@google.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-02T22:15:08.937",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "dsap-vuln-management@google.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-08 19:15
Modified
2024-11-21 02:54
Severity ?
Summary
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97371 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1038201 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://source.android.com/security/bulletin/2017-04-01.html | Third Party Advisory | |
| cve@mitre.org | https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97371 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038201 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://source.android.com/security/bulletin/2017-04-01.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474 | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9313451D-B78B-4FD5-B7B8-8D92DD4E44B9",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9313451D-B78B-4FD5-B7B8-8D92DD4E44B9",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280)."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el Google Pixel/Pixel SL Qualcomm Avtimer Driver debido a una desreferencia del puntero NULL al procesar una llamada de sistema de aceptaci\u00f3n para el proceso del usuario en los sockets AF_MSM_IPC, lo que podr\u00eda permitir a un usuario malicioso local obtener informaci\u00f3n confidencial (ID de Bug de Android A -32551280)."
}
],
"id": "CVE-2016-5346",
"lastModified": "2024-11-21T02:54:08.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-08T19:15:10.673",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97371"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038201"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2017-04-01.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2017-04-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}