CVE-2024-27204

8.4 HIGH

📋 TL;DR

CVE-2024-27204 is an out-of-bounds write vulnerability in the tmu_set_gov_active function of tmu.c in Android's Pixel kernel. This allows local attackers to escalate privileges without user interaction or additional execution privileges. The vulnerability affects Google Pixel devices running vulnerable kernel versions.

💻 Affected Systems

Products:
  • Google Pixel smartphones
Versions: Android kernel versions prior to March 2024 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Pixel devices with vulnerable kernel builds; other Android devices may not be affected unless they use the same vulnerable kernel code.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level access, allowing attackers to install persistent malware, access all user data, and bypass security controls.

🟠

Likely Case

Local privilege escalation enabling attackers to gain elevated permissions, potentially leading to data theft, surveillance, or further system exploitation.

🟢

If Mitigated

Limited impact with proper kernel hardening, SELinux policies, and timely patching, though the vulnerability still provides a foothold for skilled attackers.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device.
🏢 Internal Only: HIGH - If an attacker gains physical or remote shell access to a vulnerable device, they can exploit this to gain full control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the device but no user interaction; exploitation involves kernel memory manipulation which requires technical expertise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2024 Android security patch level or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2024-03-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Download and install the March 2024 security patch.
3. Reboot the device after installation completes.

🔧 Temporary Workarounds

Restrict physical and remote access

Limit who has physical access to devices and ensure remote access is properly secured with strong authentication.

🧯 If You Can't Patch

  • Isolate vulnerable devices from critical networks and data
  • Implement strict access controls and monitor for suspicious local activity

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If patch level is earlier than March 2024, the device is likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify the security patch level shows March 2024 or later after applying the update.
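
The check above can be scripted across every device attached over adb. This is an added example, not part of the vendor advisory; the function names and the `--scan` argument are hypothetical, and the threshold assumes "March 2024 or later" means any patch level dated 2024-03-01 or later.

```shell
#!/bin/sh
# Added example: classify devices by Android security patch level.
# Assumption: "March 2024 or later" = any level dated 2024-03-01 or later.
FIXED_LEVEL=20240301

# Print "patched", "vulnerable" or "unknown" for a YYYY-MM-DD patch level.
# Anything that is not a well-formed date (empty output, adb error text)
# is reported as "unknown" rather than silently treated as patched.
classify_patch_level() {
    level=$(printf '%s' "$1" | tr -d '[:space:]')   # drops stray CR/LF from adb
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    num=$(printf '%s' "$level" | tr -d '-')          # 2024-02-05 -> 20240205
    if [ "$num" -lt "$FIXED_LEVEL" ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# Query every attached device in the "device" state and print one
# tab-separated line per device: serial, reported level, verdict.
scan_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the remaining serials on stdin
        reported=$(adb -s "$serial" shell getprop \
            ro.build.version.security_patch </dev/null 2>&1 | tr -d '\r')
        printf '%s\t%s\t%s\n' "$serial" "$reported" \
            "$(classify_patch_level "$reported")"
    done
}

# Run the scan only when asked, so the functions can be sourced and reused.
if [ "${1:-}" = "--scan" ]; then
    scan_connected_devices
fi
```

The verdict reflects the patch level only; it does not confirm that the device is a Pixel or that its kernel contains the affected tmu.c code.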

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • SELinux denials related to tmu operations
  • Unexpected privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from privileged processes

SIEM Query:

source="android_kernel" AND (event_type="panic" OR event_type="oops") AND process="tmu"
