CVE-2024-36971 — Android Kernel Remote Code Execution Vulnerability

2024-08-07 • CISA Known Exploited Vulnerability

[event] Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.

> AFFECTED SOFTWARE

Field	Value
Vendor	Android
Product	Kernel
CWE	CWE-416
CVE ID	CVE-2024-36971
Date Added	2024-08-07
Due Date	2024-08-28
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-08-28

> REFERENCES

[1] https://source.android.com/docs/security/bulletin/2024-08-01,
[2] https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.o...
[3] https://nvd.nist.gov/vuln/detail/CVE-2024-36971