Google Android Mobile operating system
Recent Google Android Security Advisories
Advisory | Title | Published |
---|---|---|
2024-07-01 | Android Security Bulletin—July 2024 | July 1, 2024 |
 | Pixel Update Bulletin—June 2024 \| Android Open Source Project | June 13, 2024 |
2024-06-01 | Android Security Bulletin—June 2024 | June 1, 2024 |
2024-05-15 | Android Security Bulletin—May 2024 | May 15, 2024 |
 | Pixel Update Bulletin—April 2024 \| Android Open Source Project | April 5, 2024 |
2024-04-01 | Android Security Bulletin—April 2024 | April 1, 2024 |
2024-03-01 | Android Security Bulletin—March 2024 | March 1, 2024 |
 | Pixel Update Bulletin—February 2024 \| Android Open Source Project | February 7, 2024 |
2024-02-01 | Android Security Bulletin—February 2024 | February 1, 2024 |
2024-01-01 | Android Security Bulletin—January 2024 | January 1, 2024 |
By the Year
In 2024 there have been 264 vulnerabilities in Google Android, with an average score of 7.5 out of ten. Last year Android had 683 security vulnerabilities published. Right now, Android is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.76.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 264 | 7.50 |
2023 | 683 | 6.74 |
2022 | 898 | 6.45 |
2021 | 574 | 6.60 |
2020 | 699 | 7.00 |
2019 | 491 | 7.11 |
2018 | 294 | 7.58 |
It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Android Security Vulnerabilities
In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code
CVE-2024-31334
- July 09, 2024
In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation
CVE-2024-34721
- July 09, 2024
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In smp_proc_rand of smp_act.cc
CVE-2024-34722
- July 09, 2024
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free
CVE-2024-31339
- July 09, 2024
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check
CVE-2024-31332
- July 09, 2024
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In onTransact of ParcelableListBinder.java, there is a possible way to steal m
CVE-2024-34723
- July 09, 2024
In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp
CVE-2024-34720
- July 09, 2024
In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code
CVE-2024-31331
- July 09, 2024
In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
In setSkipPrompt of AssociationRequest.java
CVE-2024-31320
- July 09, 2024
In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code
CVE-2024-31335
- July 09, 2024
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code
CVE-2024-23711
- July 09, 2024
In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check
CVE-2024-23698
- July 09, 2024
In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free
CVE-2024-23697
- July 09, 2024
In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free
CVE-2024-23696
- July 09, 2024
In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow
CVE-2024-23695
- July 09, 2024
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition
CVE-2024-31327
- July 09, 2024
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking
CVE-2024-31323
- July 09, 2024
In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of ManagedServices.java
CVE-2024-31315
- July 09, 2024
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check
CVE-2024-31313
- July 09, 2024
In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check
CVE-2024-31311
- July 09, 2024
In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible permission bypass due to a confused deputy
CVE-2023-21114
- July 09, 2024
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible permission bypass due to a confused deputy
CVE-2023-21113
- July 09, 2024
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion
CVE-2024-31314
- July 09, 2024
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible information leak due to a missing permission check
CVE-2024-31312
- July 09, 2024
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code
CVE-2024-31326
- July 09, 2024
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code
CVE-2024-31325
- July 09, 2024
In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In hide of WindowState.java
CVE-2024-31324
- July 09, 2024
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden
CVE-2024-31322
- July 09, 2024
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In updateNotificationChannel
CVE-2024-31319
- July 09, 2024
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In CompanionDeviceManagerService.java
CVE-2024-31318
- July 09, 2024
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app
CVE-2024-31317
- July 09, 2024
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
In onResult of AccountManagerService.java
CVE-2024-31316
- July 09, 2024
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In newServiceInfoLocked of AutofillManagerServiceImpl.java
CVE-2024-31310
- July 09, 2024
In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition
CVE-2024-34724
- July 09, 2024
In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition
CVE-2024-34725
- July 09, 2024
In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code
CVE-2024-34726
- July 09, 2024
In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2024-21469
7.8 - High
- July 01, 2024
Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
Memory Corruption
Memory corruption while processing key blob passed by the user.
CVE-2024-21465
7.8 - High
- July 01, 2024
Memory corruption while processing key blob passed by the user.
Out-of-bounds Read
Transient DOS while loading the TA ELF file.
CVE-2024-21462
5.5 - Medium
- July 01, 2024
Transient DOS while loading the TA ELF file.
Out-of-bounds Read
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.
CVE-2024-21460
6.5 - Medium
- July 01, 2024
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.
Use of Insufficiently Random Values
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
CVE-2024-21461
7.8 - High
- July 01, 2024
Memory corruption while performing finish HMAC operation when context is freed by keymaster.
Double-free
Memory corruption while handling user packets during VBO bind operation.
CVE-2024-23380
7.8 - High
- July 01, 2024
Memory corruption while handling user packets during VBO bind operation.
Dangling pointer
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-23368
7.8 - High
- July 01, 2024
Memory corruption when allocating and accessing an entry in an SMEM partition.
Classic Buffer Overflow
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
CVE-2024-23372
7.8 - High
- July 01, 2024
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
Integer Overflow or Wraparound
Memory corruption when IOMMU unmap operation fails
CVE-2024-23373
7.8 - High
- July 01, 2024
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
Dangling pointer
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware
CVE-2024-0153
- July 01, 2024
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0.
In Modem, there is a possible system crash due to incorrect error handling
CVE-2024-20076
- July 01, 2024
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481.
In Modem, there is a possible system crash due to incorrect error handling
CVE-2024-20077
- July 01, 2024
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.
In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation
CVE-2024-29781
7.5 - High
- June 13, 2024
In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Out-of-bounds Read
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow
CVE-2024-29784
7.8 - High
- June 13, 2024
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Integer Overflow or Wraparound
In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data
CVE-2024-29785
5.5 - Medium
- June 13, 2024
In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of Uninitialized Resource
In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check
CVE-2024-29786
9.8 - Critical
- June 13, 2024
In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free
CVE-2024-29787
7.8 - High
- June 13, 2024
In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Dangling pointer
In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition
CVE-2024-32891
7 - High
- June 13, 2024
In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Race Condition
In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion
CVE-2024-32892
7.8 - High
- June 13, 2024
In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Object Type Confusion
In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting
CVE-2024-32893
5.5 - Medium
- June 13, 2024
In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Out-of-bounds Read
In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check
CVE-2024-32894
7.5 - High
- June 13, 2024
In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Out-of-bounds Read
In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check
CVE-2024-32895
7.8 - High
- June 13, 2024
In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp
CVE-2024-32897
5.9 - Medium
- June 13, 2024
In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Out-of-bounds Read
In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check
CVE-2024-32898
4.7 - Medium
- June 13, 2024
In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Out-of-bounds Read
In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition
CVE-2024-32899
7 - High
- June 13, 2024
In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.
Race Condition
In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking
CVE-2024-32900
7.8 - High
- June 13, 2024
In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation.
Dangling pointer
In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check
CVE-2024-32901
7.8 - High
- June 13, 2024
In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation
CVE-2024-32903
7.8 - High
- June 13, 2024
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check
CVE-2024-32904
4.7 - Medium
- June 13, 2024
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Out-of-bounds Read
In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check
CVE-2024-32905
9.8 - Critical
- June 13, 2024
In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data
CVE-2024-32906
7.8 - High
- June 13, 2024
In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of Uninitialized Resource
In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation
CVE-2024-32907
7.8 - High
- June 13, 2024
In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Classic Buffer Overflow
In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c
CVE-2024-29780
5.5 - Medium
- June 13, 2024
In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of Uninitialized Resource
In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp
CVE-2024-29778
4.7 - Medium
- June 13, 2024
In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Out-of-bounds Read
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow
CVE-2024-32913
9.8 - Critical
- June 13, 2024
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
In sec_media_protect of media.c, there is a possible permission bypass due to a race condition
CVE-2024-32908
7.8 - High
- June 13, 2024
In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Race Condition
In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow
CVE-2024-32909
7.8 - High
- June 13, 2024
In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Memory Corruption
there is a possible persistent Denial of Service due to test/debugging code left in a production build
CVE-2024-32912
5.5 - Medium
- June 13, 2024
there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation.
Remote prevention of access to cellular service with no user interaction (for example
CVE-2024-32902
7.5 - High
- June 13, 2024
Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)
There is a possible escalation of privilege due to improperly used crypto
CVE-2024-32911
9.8 - Critical
- June 13, 2024
There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of a Broken or Risky Cryptographic Algorithm
In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data
CVE-2024-32910
5.5 - Medium
- June 13, 2024
In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of Uninitialized Resource
There is a possible way to bypass due to a logic error in the code
CVE-2024-32896
7.8 - High
- June 13, 2024
There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver
CVE-2024-4610
5.5 - Medium
- June 07, 2024
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
Dangling pointer
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
CVE-2023-43538
9.3 - Critical
- June 03, 2024
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Cryptographic issue while performing attach with an LTE network, a rogue base station
CVE-2023-43551
9.1 - Critical
- June 03, 2024
Cryptographic issue while performing attach with an LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Memory corruption in Hypervisor when platform information mentioned is not aligned.
CVE-2023-43556
9.3 - Critical
- June 03, 2024
Memory corruption in Hypervisor when platform information mentioned is not aligned.
Memory corruption while copying a keyblob's material when the key material's size is not accurately checked.
CVE-2023-43542
7.8 - High
- June 03, 2024
Memory corruption while copying a keyblob's material when the key material's size is not accurately checked.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
CVE-2024-23363
7.5 - High
- June 03, 2024
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
In telephony, there is a possible information disclosure due to a missing permission check
CVE-2024-20065
- June 03, 2024
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394.
In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check
CVE-2024-20069
- June 03, 2024
In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.
In modem, there is a possible out of bounds write due to an incorrect bounds check
CVE-2024-20066
- June 03, 2024
In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477.
In modem, there is a possible out of bounds write due to improper input invalidation
CVE-2024-20067
- June 03, 2024
In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462.
In modem, there is a possible system crash due to improper input validation
CVE-2024-20068
- June 03, 2024
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-1479.
In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto
CVE-2024-0042
- May 07, 2024
In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion
CVE-2024-0027
- May 07, 2024
In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion
CVE-2024-0026
- May 07, 2024
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DIS
CVE-2024-23704
- May 07, 2024
In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of AppOpsService.java
CVE-2024-23712
- May 07, 2024
In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of CompanionDeviceManagerService.java
CVE-2024-0022
- May 07, 2024
In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In migrateNotificationFilter of NotificationManagerService.java
CVE-2024-23713
- May 07, 2024
In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java
CVE-2024-23710
- May 07, 2024
In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow
CVE-2024-23709
- May 07, 2024
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
In multiple locations, there is a possible permissions bypass due to improper input validation
CVE-2024-23707
- May 07, 2024
In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In multiple locations
CVE-2024-0043
- May 07, 2024
In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.