CVE-2024-53839 – This vulnerability allows an attacker to read m... (How to Fix)

Q: What is the severity of CVE-2024-53839?

CVE-2024-53839 has a CVSS score of 5.5 (MEDIUM). This vulnerability allows an attacker to read memory beyond intended boundaries in the GetCellInfoList() function of Android's protocolnetadapter.cpp. It could lead to local information disclosure, but requires baseband firmware compromise for exploitation. Affects Android devices, particularly Google Pixel phones.

📋 TL;DR

This vulnerability allows an attacker to read memory beyond intended boundaries in the GetCellInfoList() function of Android's protocolnetadapter.cpp. It could lead to local information disclosure, but requires baseband firmware compromise for exploitation. Affects Android devices, particularly Google Pixel phones.

💻 Affected Systems

Products:

Google Pixel phones
Android devices with similar baseband implementations

Versions: Android versions prior to December 2024 security patch

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Requires baseband firmware compromise for exploitation, which significantly raises the attack barrier.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local information disclosure of sensitive memory contents, potentially exposing credentials, encryption keys, or other protected data.

🟠

Likely Case

Limited information disclosure of non-critical memory regions due to baseband firmware compromise requirement.

🟢

If Mitigated

No impact if baseband firmware is secure and proper memory protections are in place.

🌐 Internet-Facing: LOW - Requires local access and baseband firmware compromise.

🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with physical access if baseband is compromised.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires compromising baseband firmware first, which is technically challenging and device-specific.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2024 Android security patch or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2024-12-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install December 2024 security patch or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable unnecessary baseband features

android

Reduce attack surface by disabling unused cellular network features

🧯 If You Can't Patch

Isolate affected devices from sensitive networks and data
Implement strict app installation policies to prevent malicious apps

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If before December 2024, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows December 2024 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

Unusual baseband firmware access attempts
Memory access violations in system logs

Network Indicators:

Anomalous baseband communication patterns

SIEM Query:

source="android_system" AND (event="memory_violation" OR event="baseband_access")

📊 Metadata

CVE ID: CVE-2024-53839

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-125

EPSS Score: 0.05% exploit probability (15.4th percentile)

Published: January 3, 2025

Last Updated: July 24, 2025

🔗 References

https://source.android.com/security/bulletin/pixel/2024-12-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-53839, you might also want to check these: