CVE-2024-29745: Google Android Information Disclosure Bug

CVE-2024-29745 Overview

CVE-2024-29745 is an information disclosure vulnerability in Google Android caused by uninitialized data. This vulnerability allows local attackers to access sensitive information without requiring additional execution privileges or user interaction. The flaw stems from uninitialized memory being improperly exposed, potentially leaking confidential data to unauthorized processes.

Critical Impact

This vulnerability is actively exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating confirmed exploitation by threat actors targeting Android devices.

Affected Products

• Google Android (all versions prior to the April 2024 security patch)

Discovery Timeline

• April 5, 2024 - CVE CVE-2024-29745 published to NVD
• October 24, 2025 - Last updated in NVD database

Technical Details for CVE-2024-29745

Vulnerability Analysis

CVE-2024-29745 is classified under CWE-908 (Use of Uninitialized Resource), which describes scenarios where a resource that has not been properly initialized is used by the system. In this case, uninitialized memory regions within Android are being accessed and can leak sensitive information to local processes.

The vulnerability requires local access to the device but does not require elevated privileges beyond what a standard application would possess. The attack complexity is low, meaning exploitation is straightforward once an attacker has local access. The impact is limited to confidentiality, with high potential for information disclosure but no direct impact on integrity or availability.

Root Cause

The root cause of this vulnerability lies in improper memory initialization within Google Android. When memory is allocated but not properly initialized before use, it may contain residual data from previous operations. This data can include sensitive information such as cryptographic keys, authentication tokens, or other confidential data. The Android component affected fails to zero-out or properly initialize memory before it becomes accessible, creating an information leakage vector.

Attack Vector

The attack vector is local, requiring an attacker to have some form of access to the target Android device. This could be achieved through:

• A malicious application installed on the device
• Physical access to an unlocked device
• Exploitation chaining with another vulnerability to gain initial local access

Once local access is obtained, the attacker can trigger the vulnerability to read uninitialized memory contents without requiring user interaction or additional privileges. The attack is particularly concerning as it has been observed in active exploitation campaigns, as documented by GrapheneOS and confirmed by CISA's inclusion in the KEV catalog.

The exploitation mechanism involves accessing memory regions before proper initialization occurs, allowing the attacker to capture whatever data remains in that memory space from previous operations.

Detection Methods for CVE-2024-29745

Indicators of Compromise

• Unusual memory access patterns from applications that should not require such access
• Applications attempting to read memory regions outside their normal operating scope
• Evidence of information exfiltration following suspicious application behavior
• Presence of known malicious applications that exploit this vulnerability class

Detection Strategies

• Monitor for applications with anomalous memory access behaviors using Android's security logging
• Implement behavioral analysis to detect applications attempting to exploit uninitialized memory conditions
• Deploy mobile threat defense (MTD) solutions capable of detecting exploitation attempts
• Review application permissions and behaviors for signs of unauthorized data access

Monitoring Recommendations

• Enable comprehensive logging on Android devices, particularly for application memory access patterns
• Utilize SentinelOne Mobile Threat Defense to detect and respond to exploitation attempts in real-time
• Monitor for security advisories from Google and GrapheneOS regarding active exploitation
• Track CISA KEV catalog updates for additional context on active exploitation campaigns

How to Mitigate CVE-2024-29745

Immediate Actions Required

• Apply the April 2024 Android security patch immediately to all affected devices
• Review installed applications and remove any suspicious or unnecessary apps
• Enable automatic security updates to ensure timely patching of future vulnerabilities
• Consider deploying enterprise mobile device management (MDM) solutions to enforce patch compliance

Patch Information

Google has released a security patch addressing CVE-2024-29745 in the April 2024 Android Security Bulletin. The patch is available for Pixel devices through the Android Security Bulletin April 2024. Device manufacturers should integrate this patch into their Android builds, and end users should update their devices to the latest available firmware version.

Given the active exploitation status confirmed by CISA's Known Exploited Vulnerabilities catalog, organizations subject to CISA directives must prioritize remediation according to Binding Operational Directive 22-01 timelines.

Workarounds

• Limit installation of applications to trusted sources only (official app stores)
• Implement mobile device management (MDM) policies restricting app installation permissions
• Use Android's work profile feature to isolate sensitive corporate data from potentially vulnerable applications
• Monitor devices for unusual behavior indicating attempted exploitation while awaiting patch deployment

Organizations using SentinelOne Singularity Mobile can leverage the platform's behavioral AI detection capabilities to identify and block exploitation attempts targeting this vulnerability, providing protection even before patches can be deployed across the device fleet.