CVE-2024-56185 – This CVE describes an out-of-bounds read vulner... (How to Fix)

Q: What is the severity of CVE-2024-56185?

CVE-2024-56185 has a CVSS score of 5.1 (MEDIUM). This CVE describes an out-of-bounds read vulnerability in Android's baseband firmware that could allow local information disclosure. Attackers could potentially read sensitive data from adjacent memory locations, but exploitation requires baseband firmware compromise. This affects Android devices with vulnerable baseband implementations.

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Android's baseband firmware that could allow local information disclosure. Attackers could potentially read sensitive data from adjacent memory locations, but exploitation requires baseband firmware compromise. This affects Android devices with vulnerable baseband implementations.

💻 Affected Systems

Products:

Android devices with vulnerable baseband firmware

Versions: Android versions prior to March 2025 security updates

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects Pixel devices and potentially other Android devices with similar baseband implementations. Requires baseband firmware compromise for exploitation.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with baseband firmware compromise could read sensitive information from adjacent memory, potentially exposing cryptographic keys, authentication tokens, or other protected data.

🟠

Likely Case

Limited information disclosure of non-critical data from adjacent memory regions, requiring significant attacker investment for baseband compromise.

🟢

If Mitigated

No impact if baseband firmware is not compromised or if the vulnerability is patched.

🌐 Internet-Facing: LOW - Exploitation requires local access and baseband firmware compromise, not directly exploitable over internet.

🏢 Internal Only: MEDIUM - Requires physical device access or local network compromise plus baseband firmware exploitation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires baseband firmware compromise first, which is a significant barrier. No user interaction needed once baseband is compromised.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2025 Android security updates

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-03-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install March 2025 security update. 3. Reboot device after installation completes.

🔧 Temporary Workarounds

Disable baseband debugging

android

Prevents baseband debugging interfaces that could be used for initial compromise

adb shell setprop persist.vendor.radio.adb_log_on 0
adb reboot

🧯 If You Can't Patch

Restrict physical access to devices to prevent baseband compromise
Implement device encryption and secure boot to make baseband exploitation more difficult

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If before March 2025, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'March 5, 2025' or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

Baseband crash logs
Unexpected baseband firmware modifications
Memory access violations in baseband logs

Network Indicators:

Unusual baseband communication patterns
Suspicious modem firmware updates

SIEM Query:

source="android_logs" AND (message="*baseband*crash*" OR message="*modem*failure*")

📊 Metadata

CVE ID: CVE-2024-56185

CVSS v3 Score: 5.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-125

EPSS Score: 0.01% exploit probability (1.2th percentile)

Published: March 10, 2025

Last Updated: June 27, 2025

🔗 References

https://source.android.com/security/bulletin/pixel/2025-03-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-56185, you might also want to check these: