CVE-2024-25992

7.8 HIGH

📋 TL;DR

CVE-2024-25992 is an out-of-bounds read vulnerability in the tmu_tz_control function of tmu.c that allows local privilege escalation without user interaction. This affects Android Pixel devices and could enable attackers to gain elevated system privileges. Exploitation requires local access to the device.

💻 Affected Systems

Products:
  • Google Pixel devices
Versions: Android versions prior to the March 2024 security update
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Pixel devices with vulnerable kernel components; other Android devices may not be impacted.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains full root/system privileges on the device, enabling complete compromise of data, persistence, and further exploitation.

🟠 Likely Case

Local malware or malicious apps escalate privileges to perform unauthorized actions, access sensitive data, or install persistent backdoors.

🟢 If Mitigated

With proper patching and security controls, the vulnerability is eliminated; unpatched devices remain at high risk.

🌐 Internet-Facing: LOW (requires local access, not remotely exploitable over network)
🏢 Internal Only: HIGH (local attackers or malware can exploit it without additional privileges)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no user interaction; kernel-level vulnerabilities often attract sophisticated attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2024 Android security update

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2024-03-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install the March 2024 security update.
3. Reboot the device after installation.

🔧 Temporary Workarounds

No effective workaround

Kernel vulnerabilities typically require patching; no configuration changes can mitigate this.

🧯 If You Can't Patch

  • Restrict physical and local access to devices; implement strict app installation policies.
  • Monitor for unusual privilege escalation attempts using security tools.

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version; if it is before March 2024, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'March 5, 2024' or later after update.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unusual privilege escalation in audit logs
  • SELinux denials related to tmu

Network Indicators:

  • None (local exploit only)

SIEM Query:

Search for kernel crash reports or security events indicating privilege escalation on Android devices.
