CVE-2024-44100: 
NixOS vulnerability analysis and mitigation

Android before 2024-10-05 on Google Pixel devices contains a vulnerability that allows information disclosure in the modem component (A-299774545). This vulnerability was discovered and reported in October 2024 and affects Google Pixel devices running Android versions prior to the October 2024 security patch (Android Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high confidentiality impact without affecting integrity or availability (NVD).

The vulnerability allows unauthorized information disclosure through the modem component of affected Google Pixel devices. Given the CVSS scoring, this could potentially lead to the exposure of sensitive information with high impact on confidentiality (NVD).

Users should update their Google Pixel devices to include the security patch level dated 2024-10-05 or later to address this vulnerability (Android Bulletin).