CVE-2024-27229
📋 TL;DR
This vulnerability is a null pointer dereference in Android's call barring component that could allow remote attackers to cause denial of service without user interaction. It affects Android devices, particularly Google Pixel phones, by crashing the telephony service when processing malicious messages.
💻 Affected Systems
- Android
- Google Pixel phones
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Remote attacker could crash the telephony service, disrupting phone calls and SMS functionality until device reboot.
Likely Case
Denial of service affecting phone call and messaging capabilities on vulnerable devices.
If Mitigated
No impact if patched; limited impact if device is not internet-facing.
🎯 Exploit Status
No user interaction needed but requires sending specific telephony messages.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: March 2024 Android security patch
Vendor Advisory: https://source.android.com/security/bulletin/pixel/2024-03-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > System update. 2. Install March 2024 Android security patch. 3. Reboot device after installation.
🔧 Temporary Workarounds
Network-level filtering
allFilter suspicious telephony messages at network level
🧯 If You Can't Patch
- Restrict device network access to trusted telephony networks only
- Monitor for telephony service crashes and restart service if needed
🔍 How to Verify
Check if Vulnerable:
Check Android security patch level in Settings > About phone > Android versionCheck Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify security patch level shows March 2024 or later📡 Detection & Monitoring
Log Indicators:
- Telephony service crashes
- Null pointer exceptions in ss_CallBarring.c
Network Indicators:
- Unusual telephony message patterns
SIEM Query:
source="android_logs" AND ("ss_CallBarring" OR "telephony crash")