CVE-2024-53837

Published Jan 3, 2025

Last updated 9 months ago

CVSS high 7.8

Overview

Description
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source
dsap-vuln-management@google.com
NVD status
Analyzed
Products
android

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787

Social media

Hype score
Not currently trending

  1. CVE-2024-53837 (CVSS:7.8, HIGH) is Awaiting Analysis. In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This coul..https://t.co/0kj7qhGGhr #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    8 Jan 2025

    6 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. BaseScore: 7.8, BaseSeverity: HIGH, id: CVE-2024-53837, published: 2025-01-03T04:15:06.560, sourceIdentifier: dsap-vuln-management@google.com, url: https://t.co/iBS93vlmzM, vulnStatus: Awaiting Analysis

    @CVETracker

    4 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-53837 Integer Overflow Leads to Privilege Escalation in lwis_periodic_io.c In lwis_periodic_io.c's prepare_response, there is a possible out of bounds write from an integer overflow. This can cause a loc... https://t.co/UV9t2M6xVN

    @VulmonFeeds

    3 Jan 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-53837 In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with n… https://t.co/gjlFV1rFSM

    @CVEnew

    3 Jan 2025

    261 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.CVE-2026-21012
  2. Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.CVE-2026-21011
  3. Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.CVE-2026-21010
  4. Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning.CVE-2026-21009
  5. Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.CVE-2026-21008

References

Sources include official advisories and independent security research.