Login Sign Up

CVE-2024-32919

7.8 HIGH

📋 TL;DR

This vulnerability is a type confusion flaw in Android's Low-Level Workload Isolation System (LWIS) that allows local privilege escalation without user interaction. Attackers can exploit it to gain elevated system privileges from a standard user context. It affects Google Pixel devices running vulnerable Android versions.

💻 Affected Systems

Products:
  • Google Pixel smartphones
Versions: Android versions prior to June 2024 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the LWIS component in Pixel devices; other Android devices may not be affected.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code with kernel privileges, install persistent malware, access all user data, and bypass security controls.

🟠

Likely Case

Local attackers gaining root access to install malicious apps, steal sensitive data, or disable security features on compromised devices.

🟢

If Mitigated

Limited impact with proper patch management and device security policies in place, though unpatched devices remain vulnerable.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or remote code execution access first.
🏢 Internal Only: HIGH - Once an attacker gains initial access to a device, they can exploit this to gain full control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access but no user interaction; type confusion vulnerabilities typically require specific memory manipulation knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2024 Android security patch level

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2024-06-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Download and install June 2024 security patch. 3. Reboot device after installation completes.

🔧 Temporary Workarounds

Restrict physical access

all

Limit physical access to devices to prevent local exploitation attempts

Disable developer options

android

Turn off USB debugging and developer options to reduce attack surface

🧯 If You Can't Patch

  • Isolate vulnerable devices from sensitive networks and data
  • Implement strict application whitelisting to prevent malicious app installation

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Android version > Android security update. If date is before June 2024, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security update shows 'June 5, 2024' or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected privilege escalation attempts
  • SELinux denials related to LWIS

Network Indicators:

  • Unusual outbound connections from system processes
  • Command and control traffic from elevated contexts

SIEM Query:

source="android_logs" AND (event_type="kernel_panic" OR process_privilege_change="escalation")

📊 Metadata

CVE ID: CVE-2024-32919
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-843
Published: June 13, 2024
Last Updated: July 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-32919, you might also want to check these:

CVE-2025-47151 9.8

A type confusion vulnerability in Entr'ouvert Lasso's SAML parsing allows remote code execution when...

Same vulnerability type (CWE-843)
CVE-2025-65570 9.8

A type confusion vulnerability in jsish 2.0 allows incorrect control flow during execution of the OP...

Same vulnerability type (CWE-843)
CVE-2020-25575 9.8

This vulnerability in the Rust failure crate (versions through 0.1.5) involves a type confusion flaw...

Same vulnerability type (CWE-843)