CVE-2024-25988 – This vulnerability allows remote attackers to r... (How to Fix)

Q: What is the severity of CVE-2024-25988?

CVE-2024-25988 has a CVSS score of 8.4 (HIGH). This vulnerability allows remote attackers to read memory beyond intended boundaries in Android's SAEMM component, potentially exposing sensitive information without authentication. It affects Google Pixel devices running vulnerable Android versions. No user interaction is required for exploitation.

📋 TL;DR

This vulnerability allows remote attackers to read memory beyond intended boundaries in Android's SAEMM component, potentially exposing sensitive information without authentication. It affects Google Pixel devices running vulnerable Android versions. No user interaction is required for exploitation.

💻 Affected Systems

Products:

Google Pixel devices

Versions: Android versions prior to March 2024 security patch

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects SAEMM (Security Association Establishment and Maintenance Module) component in Android radio stack.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote information disclosure of sensitive system memory, potentially exposing authentication tokens, encryption keys, or other protected data.

🟠

Likely Case

Information leakage of limited memory contents, potentially revealing device identifiers or other non-critical data.

🟢

If Mitigated

No impact if patched; limited impact if network segmentation prevents external access.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication or user interaction.

🏢 Internal Only: MEDIUM - Could be exploited from within network but requires targeting vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending crafted radio messages to vulnerable devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2024 Android security patch level

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2024-03-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install March 2024 security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Network segmentation

all

Isolate vulnerable devices from untrusted networks

Disable unnecessary radio interfaces

android

Turn off cellular data when not needed

🧯 If You Can't Patch

Segment vulnerable devices on isolated network segments
Monitor for unusual radio communication patterns

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows March 2024 or later

📡 Detection & Monitoring

Log Indicators:

Unusual SAEMM protocol errors
Radio interface crashes

Network Indicators:

Malformed SAEMM protocol messages
Unusual radio traffic patterns

SIEM Query:

source="android_system" AND (event="SAEMM_error" OR event="radio_crash")

📊 Metadata

CVE ID: CVE-2024-25988

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: March 11, 2024

Last Updated: April 3, 2025

🔗 References

https://source.android.com/security/bulletin/pixel/2024-03-01 Vendor Advisory
https://source.android.com/security/bulletin/pixel/2024-03-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25988, you might also want to check these: