CVE-2024-43091: 
NixOS vulnerability analysis and mitigation

CVE-2024-43091 is a high-severity vulnerability discovered in the Android System component, specifically in the filterMask function of SkEmbossMaskFilter.cpp. The vulnerability was disclosed in November 2024 and affects Android versions 12, 12.1, 13, 14, and 15. This security flaw stems from an integer overflow condition that could lead to an out-of-bounds write (NVD, Malwarebytes).

The vulnerability is characterized by an integer overflow in the filterMask function of SkEmbossMaskFilter.cpp, which can result in an out-of-bounds write condition. It has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability has been classified under CWE-190 (Integer Overflow or Wraparound) and CWE-787 (Out-of-bounds Write) (NVD).

The vulnerability allows for remote code execution (RCE) with no additional execution privileges needed. An attacker could remotely execute code on a device without requiring user interaction or additional privileges, making this a particularly severe security risk (Malwarebytes).

Google has released security patches for this vulnerability in the November 2024 security update. The fix is available for Android versions 12, 12L, 13, 14, and 15. Users are strongly advised to update their devices to the security patch level 2024-11-05 or later to protect against this vulnerability (Malwarebytes).