Google Software and search
Products by Google Sorted by Most Security Vulnerabilities since 2018
Google BoringSSL: 1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Recent Google Security Advisories
Advisory | Title | Published |
---|---|---|
- | Chrome Releases: Stable Channel Update for Desktop | July 16, 2024 |
2024-07-01 | Android Security Bulletin—July 2024 | July 1, 2024 |
- | Pixel Update Bulletin—June 2024 (Android Open Source Project) | June 13, 2024 |
2024-06-01 | Android Security Bulletin—June 2024 | June 1, 2024 |
- | Chrome Releases: Stable Channel Update for Desktop | May 28, 2024 |
- | Chrome Releases: Stable Channel Update for Desktop | May 15, 2024 |
2024-05-15 | Android Security Bulletin—May 2024 | May 15, 2024 |
- | Chrome Releases: Stable Channel Update for Desktop | May 14, 2024 |
- | Chrome Releases: Stable Channel Update for Desktop | May 14, 2024 |
- | Chrome Releases: Stable Channel Update for Desktop | May 1, 2024 |
Known Exploited Google Vulnerabilities
The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-5274 | May 28, 2024 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2024-4947 | May 20, 2024 |
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability | Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4761 | May 16, 2024 |
Google Chromium Visuals Use-After-Free Vulnerability | Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4671 | May 13, 2024 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2023-4762 | February 6, 2024 |
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability | Google Chromium V8 contains an out-of-bounds memory access vulnerability. Specific impacts from exploitation are not available at this time. CVE-2024-0519 | January 17, 2024 |
Google Skia Integer Overflow Vulnerability | Google Skia contains an integer overflow vulnerability affecting Google Chrome and ChromeOS, Android, Flutter, and possibly other products. CVE-2023-6345 | November 30, 2023 |
Google Chrome libvpx Heap Buffer Overflow Vulnerability | Google Chrome libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2023-5217 | October 2, 2023 |
Google Chromium Heap-Based Buffer Overflow Vulnerability | Google Chromium contains a heap-based buffer overflow vulnerability in WebP that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. CVE-2023-4863 | September 13, 2023 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2023-3079 | June 7, 2023 |
Google Chrome Skia Integer Overflow Vulnerability | Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 | April 21, 2023 |
Google Chromium V8 Engine Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2023-2033 | April 17, 2023 |
Google Chrome Use-After-Free Vulnerability | Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 | March 30, 2023 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-4262 | December 5, 2022 |
Google Chrome Heap Buffer Overflow Vulnerability | Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 | November 28, 2022 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-3723 | October 28, 2022 |
Google Chromium Insufficient Data Validation Vulnerability | Google Chromium Mojo contains an insufficient data validation vulnerability. Impacts from exploitation are not yet known. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. CVE-2022-3075 | September 8, 2022 |
Google Chrome Intents Insufficient Input Validation Vulnerability | Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 | August 18, 2022 |
Google Chromium Security Bypass Vulnerability | Insufficient policy enforcement in the PopupBlocker for Chromium allows an attacker to remotely bypass security mechanisms. This vulnerability impacts web browsers using Chromium such as Chrome and Edge. CVE-2021-30533 | June 27, 2022 |
Google Chromium V8 Out-of-Bounds Memory Vulnerability | Google Chromium V8 Engine contains an out-of-bounds memory vulnerability. CVE-2016-5198 | June 8, 2022 |
By the Year
In 2024 there have been 340 vulnerabilities in Google with an average score of 7.7 out of ten. Last year Google had 958 security vulnerabilities published. Right now, Google is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.72.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 340 | 7.69 |
2023 | 958 | 6.96 |
2022 | 1385 | 6.89 |
2021 | 1123 | 7.02 |
2020 | 987 | 7.10 |
2019 | 809 | 7.11 |
2018 | 419 | 7.41 |
It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Security Vulnerabilities
Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139
CVE-2024-2884
6.5 - Medium
- July 16, 2024
Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Out-of-bounds Read
Use after free in DevTools in Google Chrome prior to 122.0.6261.57
CVE-2024-3168
8.8 - High
- July 16, 2024
Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in V8 in Google Chrome prior to 121.0.6167.139
CVE-2024-3169
8.8 - High
- July 16, 2024
Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in WebRTC in Google Chrome prior to 121.0.6167.85
CVE-2024-3170
8.8 - High
- July 16, 2024
Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57
CVE-2024-3171
8.8 - High
- July 16, 2024
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85
CVE-2024-3172
8.8 - High
- July 16, 2024
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62
CVE-2024-3173
8.8 - High
- July 16, 2024
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Insufficient Verification of Data Authenticity
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105
CVE-2024-3174
8.8 - High
- July 16, 2024
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62
CVE-2024-3175
6.3 - Medium
- July 16, 2024
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62
CVE-2024-3176
8.8 - High
- July 16, 2024
Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351
CVE-2024-5500
6.5 - Medium
- July 16, 2024
Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code
CVE-2024-34726
- July 09, 2024
In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition
CVE-2024-34725
- July 09, 2024
In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition
CVE-2024-34724
- July 09, 2024
In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code
CVE-2024-31335
- July 09, 2024
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code
CVE-2024-31334
- July 09, 2024
In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation
CVE-2024-34721
- July 09, 2024
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In smp_proc_rand of smp_act.cc
CVE-2024-34722
- July 09, 2024
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free
CVE-2024-31339
- July 09, 2024
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check
CVE-2024-31332
- July 09, 2024
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In onTransact of ParcelableListBinder.java, there is a possible way to steal m
CVE-2024-34723
- July 09, 2024
In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp
CVE-2024-34720
- July 09, 2024
In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code
CVE-2024-31331
- July 09, 2024
In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
In setSkipPrompt of AssociationRequest.java
CVE-2024-31320
- July 09, 2024
In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code
CVE-2024-23711
- July 09, 2024
In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check
CVE-2024-23698
- July 09, 2024
In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free
CVE-2024-23697
- July 09, 2024
In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free
CVE-2024-23696
- July 09, 2024
In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow
CVE-2024-23695
- July 09, 2024
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition
CVE-2024-31327
- July 09, 2024
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking
CVE-2024-31323
- July 09, 2024
In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of ManagedServices.java
CVE-2024-31315
- July 09, 2024
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check
CVE-2024-31313
- July 09, 2024
In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check
CVE-2024-31311
- July 09, 2024
In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible permission bypass due to a confused deputy
CVE-2023-21114
- July 09, 2024
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible permission bypass due to a confused deputy
CVE-2023-21113
- July 09, 2024
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion
CVE-2024-31314
- July 09, 2024
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible information leak due to a missing permission check
CVE-2024-31312
- July 09, 2024
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code
CVE-2024-31326
- July 09, 2024
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code
CVE-2024-31325
- July 09, 2024
In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In hide of WindowState.java
CVE-2024-31324
- July 09, 2024
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden
CVE-2024-31322
- July 09, 2024
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In updateNotificationChannel
CVE-2024-31319
- July 09, 2024
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In CompanionDeviceManagerService.java
CVE-2024-31318
- July 09, 2024
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app
CVE-2024-31317
- July 09, 2024
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
In onResult of AccountManagerService.java
CVE-2024-31316
- July 09, 2024
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In newServiceInfoLocked of AutofillManagerServiceImpl.java
CVE-2024-31310
- July 09, 2024
In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Memory corruption while handling user packets during VBO bind operation.
CVE-2024-23380
7.8 - High
- July 01, 2024
Memory corruption while handling user packets during VBO bind operation.
Dangling pointer
Memory corruption when IOMMU unmap operation fails
CVE-2024-23373
7.8 - High
- July 01, 2024
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
Dangling pointer
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
CVE-2024-23372
7.8 - High
- July 01, 2024
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
Integer Overflow or Wraparound
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-23368
7.8 - High
- July 01, 2024
Memory corruption when allocating and accessing an entry in an SMEM partition.
Classic Buffer Overflow
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2024-21461
7.8 - High
- July 01, 2024
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Double-free
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.
CVE-2024-21460
6.5 - Medium
- July 01, 2024
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.
Use of Insufficiently Random Values
Transient DOS while loading the TA ELF file.
CVE-2024-21462
5.5 - Medium
- July 01, 2024
Transient DOS while loading the TA ELF file.
Out-of-bounds Read
Memory corruption while processing key blob passed by the user.
CVE-2024-21465
7.8 - High
- July 01, 2024
Memory corruption while processing key blob passed by the user.
Out-of-bounds Read
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2024-21469
7.8 - High
- July 01, 2024
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory Corruption
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware
CVE-2024-0153
- July 01, 2024
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0.
In Modem, there is a possible system crash due to incorrect error handling
CVE-2024-20077
- July 01, 2024
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.
In Modem, there is a possible system crash due to incorrect error handling
CVE-2024-20076
- July 01, 2024
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481.
Use after free in Dawn in Google Chrome prior to 126.0.6478.114
CVE-2024-6103
8.8 - High
- June 20, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114
CVE-2024-6102
8.8 - High
- June 20, 2024
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114
CVE-2024-6101
8.8 - High
- June 20, 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page
CVE-2024-6100
8.8 - High
- June 20, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check
CVE-2024-32894
7.5 - High
- June 13, 2024
In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Out-of-bounds Read
In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check
CVE-2024-32895
7.8 - High
- June 13, 2024
In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp
CVE-2024-32897
5.9 - Medium
- June 13, 2024
In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Out-of-bounds Read
In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check
CVE-2024-32898
4.7 - Medium
- June 13, 2024
In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Out-of-bounds Read
In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting
CVE-2024-32893
5.5 - Medium
- June 13, 2024
In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Out-of-bounds Read
In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion
CVE-2024-32892
7.8 - High
- June 13, 2024
In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Object Type Confusion
In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition
CVE-2024-32891
7 - High
- June 13, 2024
In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Race Condition
In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition
CVE-2024-32899
7 - High
- June 13, 2024
In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.
Race Condition
In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking
CVE-2024-32900
7.8 - High
- June 13, 2024
In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation.
Dangling pointer
In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check
CVE-2024-32901
7.8 - High
- June 13, 2024
In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation
CVE-2024-32903
7.8 - High
- June 13, 2024
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check
CVE-2024-32904
4.7 - Medium
- June 13, 2024
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Out-of-bounds Read
In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check
CVE-2024-32905
9.8 - Critical
- June 13, 2024
In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data
CVE-2024-32906
7.8 - High
- June 13, 2024
In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of Uninitialized Resource
In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation
CVE-2024-32907
7.8 - High
- June 13, 2024
In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Classic Buffer Overflow
In sec_media_protect of media.c, there is a possible permission bypass due to a race condition
CVE-2024-32908
7.8 - High
- June 13, 2024
In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Race Condition
In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow
CVE-2024-32909
7.8 - High
- June 13, 2024
In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c
CVE-2024-29780
5.5 - Medium
- June 13, 2024
In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of Uninitialized Resource
In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp
CVE-2024-29778
4.7 - Medium
- June 13, 2024
In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Out-of-bounds Read
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow
CVE-2024-32913
9.8 - Critical
- June 13, 2024
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
There is a possible persistent Denial of Service due to test/debugging code left in a production build
CVE-2024-32912
5.5 - Medium
- June 13, 2024
There is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation.
There is a possible escalation of privilege due to improperly used crypto
CVE-2024-32911
9.8 - Critical
- June 13, 2024
There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of a Broken or Risky Cryptographic Algorithm
In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data
CVE-2024-32910
5.5 - Medium
- June 13, 2024
In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of Uninitialized Resource
Remote prevention of access to cellular service with no user interaction
CVE-2024-32902
7.5 - High
- June 13, 2024
Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet).
In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free
CVE-2024-29787
7.8 - High
- June 13, 2024
In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Dangling pointer
There is a possible way to bypass due to a logic error in the code
CVE-2024-32896
7.8 - High
- June 13, 2024
There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check
CVE-2024-29786
9.8 - Critical
- June 13, 2024
In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data
CVE-2024-29785
5.5 - Medium
- June 13, 2024
In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of Uninitialized Resource
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow
CVE-2024-29784
7.8 - High
- June 13, 2024
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Integer Overflow or Wraparound
In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation
CVE-2024-29781
7.5 - High
- June 13, 2024
In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Out-of-bounds Read
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54
CVE-2024-5834
8.8 - High
- June 11, 2024
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5838
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5837
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54
CVE-2024-5836
8.8 - High
- June 11, 2024
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54
CVE-2024-5835
8.8 - High
- June 11, 2024
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Dawn in Google Chrome prior to 126.0.6478.54
CVE-2024-5831
8.8 - High
- June 11, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5830
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion