cve_2024_29745_pixel_information_disclosure

1. #!/usr/bin/env python3
2. # -*- coding: utf-8 -*-
3. # Filename: cve_2024_29745_pixel_information_disclosure.py
4. # Version: 1.0.0
5. # Author: Jeoi Reqi
6. # Vulnerability Source: https://nvd.nist.gov/vuln/detail/CVE-2024-29745
7.  
8. """
9. Description:
10. This script checks if the system is affected by CVE-2024-29745, an information disclosure vulnerability in Android Pixel devices.
11. The vulnerability allows for local information disclosure due to uninitialized data, without requiring additional execution privileges.
12. The script retrieves the system's configuration and compares it with the affected software configuration mentioned in the CVE details.
13. If they match, it indicates that the system is affected, and mitigations per vendor instructions or discontinuation of product use are recommended.
14.  
15. Requirements:
16. - Python 3.x
17. - Android Pixel
18.  
19. Usage:
20. Execute the script using `python cve_2024_29745_pixel_information_disclosure.py`.
21.  
22. Functions:
23. - get_system_configuration(): Retrieves the system's configuration as a Common Platform Enumeration (CPE) string.
24. - check_vulnerability(system_configuration, affected_configuration): Checks if the system is affected by the vulnerability.
25.  
26. Important Notes:
27. - The system configuration is determined based on the platform information retrieved using the `platform` module.
28. - The affected software configuration mentioned in the CVE details is hardcoded in the script for comparison.
29. """
30.  
31. import platform
32.  
33. def get_system_configuration():
34.     """
35.    Retrieves the system's configuration as a Common Platform Enumeration (CPE) string.
36.    This function returns the Android version of a Google Pixel device.
37.    """
38.     # Retrieve the system's platform information
39.     platform_info = platform.platform()
40.  
41.     # Check if the platform information contains 'Android' and 'Pixel'
42.     if 'Android' in platform_info and 'Pixel' in platform_info:
43.         # Return the system configuration as a CPE string
44.         return "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
45.     else:
46.         # Return None if the system configuration does not match the desired format
47.         return None
48.  
49. def check_vulnerability(system_configuration, affected_configuration):
50.     """
51.    Checks if the system is affected by the vulnerability.
52.    """
53.     if system_configuration == affected_configuration:
54.         print("The system is affected by CVE-2024-29745.")
55.         print("Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.")
56.     else:
57.         print("The system is not affected by CVE-2024-29745.")
58.  
59. # Get the system configuration
60. system_configuration = get_system_configuration()
61.  
62. # Define the affected software configuration
63. affected_configuration = "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
64.  
65. # Check vulnerability
66. if system_configuration:
67.     check_vulnerability(system_configuration, affected_configuration)
68. else:
69.     print("Unable to retrieve system configuration.")
70.  
71.