CVE-2024-47018

5.5 MEDIUM

📋 TL;DR

This vulnerability allows local attackers to read memory beyond intended buffer boundaries in Android's power management unit calibration code. It affects Android devices, particularly Google Pixel phones, and could disclose sensitive system information without requiring user interaction or elevated privileges.

💻 Affected Systems

Products:
  • Google Pixel phones
  • Android devices using Qualcomm PMIC
Versions: Android builds with a security patch level earlier than October 2024
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects devices with Qualcomm PMIC hardware and the flexpmu_cal_rae.c driver.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read sensitive kernel memory containing cryptographic keys, passwords, or other protected data, potentially enabling further system compromise.

🟠 Likely Case

Local information disclosure of system memory contents, which could reveal device-specific information useful for other attacks.

🟢 If Mitigated

With proper kernel hardening and memory protection mechanisms, impact is limited to reading non-sensitive memory regions.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with local access could exploit this to gather system information for privilege escalation or other attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the kernel memory layout. No authentication is needed, but the attacker must be able to trigger the vulnerable function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2024 Android security patch

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2024-10-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install the October 2024 Android security patch.
3. Reboot the device after installation completes.

🔧 Temporary Workarounds

Disable vulnerable driver module

Prevent loading of the vulnerable flexpmu_cal_rae driver module. This requires a root shell and only works if the driver was built as a loadable module; if it is built into the kernel image these commands have no effect and the October 2024 patch is the only fix.

# Keep the module from being loaded on future boots, then unload it now
echo 'blacklist flexpmu_cal_rae' >> /etc/modprobe.d/blacklist.conf
rmmod flexpmu_cal_rae

🧯 If You Can't Patch

  • Restrict local access to devices through physical security controls
  • Implement application sandboxing and SELinux policies to limit impact

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version. If it is earlier than October 2024, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the Android security patch level shows 'October 5, 2024' or later in Settings > About phone > Android version.
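To make the check above repeatable across several devices, here is an added shell example (not part of the advisory) that classifies the ro.build.version.security_patch value against the 2024-10-05 level the advisory names; the live scan assumes adb is installed and USB debugging is enabled on each device.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a device's
# ro.build.version.security_patch value against the October 2024
# patch level ('2024-10-05' per the advisory) that fixes CVE-2024-47018.
FIXED_PATCH="2024-10-05"

# patch_status LEVEL -> prints "fixed", "vulnerable" or "unknown".
# LEVEL is the YYYY-MM-DD string the property returns; once the dashes
# are stripped, ISO dates compare correctly as plain integers.
patch_status() {
    level=$(printf '%s' "$1" | tr -d '\r')   # adb may append CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 2 ;;       # empty or malformed property
    esac
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_PATCH" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then
        echo "fixed"; return 0
    fi
    echo "vulnerable"; return 1
}

# scan_connected_devices: query every device adb reports as online and
# print one line per device: serial, patch level, status.
scan_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while IFS= read -r serial; do
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch)
        printf '%s\t%s\t%s\n' "$serial" "$level" "$(patch_status "$level")"
    done
}

# Only talk to adb when explicitly asked, so the functions can be sourced.
if [ "${1:-}" = "--scan" ]; then
    scan_connected_devices
fi
```

Run it as `sh check_patch.sh --scan` with the devices attached; any line ending in "vulnerable" or "unknown" needs the update or a manual look.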

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected memory access errors in dmesg
  • SELinux denials related to pmucal operations

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="android_kernel" AND ("pmucal" OR "flexpmu") AND ("out of bounds" OR "buffer overflow")
