CVE-2024-29748

ENISA EUVD: EUVD-2024-26743
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 · 7 articles · Published: 2024-04-05

EPSS Score

Source: FIRST.org · 2026-05-23
0.41% probability
This CVE has a 0.41% probability of being exploited in the next 30 days.
Top 61.7th percentile of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8 HIGH
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Products

Google
Android
Android kernel

Google Project Zero

Patched: April 2, 2024
Reported by: ???
Root Cause Analysis: ???

Signal Intelligence

Confidence 92%
EPSS 0.41%
CVSS v3.1 7.8
Mentions 7
Last Seen Feb 28, 2025

CNA Information

CNA Assigner: Google_Devices

Analyst Note

CVE-2024-29748 demonstrates confirmed exploitation in real-world attacks against Pixel devices by forensics firms and law enforcement, with coverage from multiple reputable security sources and validation by Google's Project Zero team. The HIGH CVSS score (7.8), local privilege escalation capability, and documented active exploitation strongly support the CONFIRMED status despite absence from CISA KEV.

Threat Actors 3

RomCom
apt_group Financial gain 🇷🇺 RU
Void Rabisu
apt_group Financial gain 🇷🇺 RU
Red Dev 17
apt_group 🇨🇳 CN

Triage Info

Decided at: Mar 03, 2026
Published Date: Apr 05, 2024