Multiple vulnerabilities in Google Pixel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2025-22377 CVE-2024-56187 CVE-2024-56188 CVE-2024-56184 CVE-2024-56185 CVE-2024-56186 CVE-2024-20003 |
| CWE-ID | CWE-20 CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Pixel Mobile applications / Mobile firmware & hardware |
| Vendor |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU105356
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22377
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel Modem subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: 2022-01-05 - 2025-01-05
CPE2.3- cpe:2.3:a:google:pixel:2022-01-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-03-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-12-05:*:*:*:*:*:*:*
https://source.android.com/docs/security/bulletin/pixel/2025-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information exposure
EUVDB-ID: #VU105357
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56187
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: 2022-01-05 - 2025-01-05
CPE2.3- cpe:2.3:a:google:pixel:2022-01-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-03-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-12-05:*:*:*:*:*:*:*
https://source.android.com/docs/security/bulletin/pixel/2025-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU105358
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56188
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: 2022-01-05 - 2025-01-05
CPE2.3- cpe:2.3:a:google:pixel:2022-01-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-03-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-12-05:*:*:*:*:*:*:*
https://source.android.com/docs/security/bulletin/pixel/2025-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information exposure
EUVDB-ID: #VU105359
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56184
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: 2022-01-05 - 2025-01-05
CPE2.3- cpe:2.3:a:google:pixel:2022-01-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-03-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-12-05:*:*:*:*:*:*:*
https://source.android.com/docs/security/bulletin/pixel/2025-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information exposure
EUVDB-ID: #VU105360
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56185
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: 2022-01-05 - 2025-01-05
CPE2.3- cpe:2.3:a:google:pixel:2022-01-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-03-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-12-05:*:*:*:*:*:*:*
https://source.android.com/docs/security/bulletin/pixel/2025-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information exposure
EUVDB-ID: #VU105361
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56186
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: 2022-01-05 - 2025-01-05
CPE2.3- cpe:2.3:a:google:pixel:2022-01-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-03-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-12-05:*:*:*:*:*:*:*
https://source.android.com/docs/security/bulletin/pixel/2025-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU86134
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20003
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an improper input validation within Modem NL1. A local application can perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: 2022-01-05 - 2025-01-05
CPE2.3- cpe:2.3:a:google:pixel:2022-01-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-03-05:*:*:*:*:*:*:*
- cpe:2.3:a:google:pixel:2022-12-05:*:*:*:*:*:*:*
https://source.android.com/docs/security/bulletin/pixel/2025-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
