Google Android: Mobile operating system


Recent Google Android Security Advisories

Advisory Title Published
2024-09-01 Android Security Bulletin—September 2024 September 1, 2024
Pixel Update Bulletin—August 2024 | Android Open Source Project August 19, 2024
2024-08-01 Android Security Bulletin—August 2024 August 1, 2024
2024-07-01 Android Security Bulletin—July 2024 July 1, 2024
Pixel Update Bulletin—June 2024 | Android Open Source Project June 13, 2024
2024-06-01 Android Security Bulletin—June 2024 June 1, 2024
2024-05-15 Android Security Bulletin—May 2024 May 15, 2024
Pixel Update Bulletin—April 2024 | Android Open Source Project April 5, 2024
2024-04-01 Android Security Bulletin—April 2024 April 1, 2024
2024-03-01 Android Security Bulletin—March 2024 March 1, 2024

By the Year

In 2024 there have been 356 vulnerabilities in Google Android with an average score of 7.4 out of ten. Last year Android had 687 security vulnerabilities published. Right now, Android is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.69.

Year Vulnerabilities Average Score
2024 356 7.43
2023 687 6.74
2022 898 6.45
2021 574 6.60
2020 699 7.00
2019 491 7.11
2018 294 7.58

It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Google Android Security Vulnerabilities

Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severity Vulnerability

CVE-2024-31336 - September 11, 2024

Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severity Vulnerability, aka A-337949672.

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition

CVE-2024-23716 - September 11, 2024

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In getRegistration of RemoteProvisioningService.java

CVE-2024-40659 - September 11, 2024

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In handleCreateConferenceComplete of ConnectionServiceWrapper.java

CVE-2024-40656 - September 11, 2024

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

In addPreferencesForType of AccountTypePreferenceLoader.java

CVE-2024-40657 - September 11, 2024

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In bindAndGetCallIdentification of CallScreeningServiceHelper.java

CVE-2024-40655 - September 11, 2024

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple locations, there is a possible permission bypass due to a confused deputy

CVE-2024-40654 - September 11, 2024

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In onCreate of SettingsHomepageActivity.java

CVE-2024-40652 - September 11, 2024

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In wifi_item_edit_content of styles.xml, there is a possible FRP bypass due to missing check for FRP state

CVE-2024-40650 - September 11, 2024

In wifi_item_edit_content of styles.xml, there is a possible FRP bypass due to missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation

CVE-2024-40662 - September 11, 2024

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-40658 - September 11, 2024

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2024-3655 - September 03, 2024

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.

Cryptographic issue while parsing RSA keys in COBR format.

CVE-2024-23362 7.1 - High - September 02, 2024

Cryptographic issue while parsing RSA keys in COBR format.

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received

CVE-2024-23359 8.2 - High - September 02, 2024

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

CVE-2024-23358 7.5 - High - September 02, 2024

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

Memory corruption when two threads try to map and unmap a single node simultaneously.

CVE-2024-33060 7.8 - High - September 02, 2024

Memory corruption when two threads try to map and unmap a single node simultaneously.

Dangling pointer

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

CVE-2024-33057 7.5 - High - September 02, 2024

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

Out-of-bounds Read

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame

CVE-2024-23364 7.5 - High - September 02, 2024

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

Memory corruption while releasing shared resources in MinkSocket listener thread.

CVE-2024-23365 8.4 - High - September 02, 2024

Memory corruption while releasing shared resources in MinkSocket listener thread.

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

CVE-2024-33054 7.8 - High - September 02, 2024

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

Memory Corruption

Memory corruption when an invalid firehose patch command is invoked.

CVE-2024-33016 6.8 - Medium - September 02, 2024

Memory corruption when an invalid firehose patch command is invoked.

Transient DOS while processing TIM IE

CVE-2024-33051 7.5 - High - September 02, 2024

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Out-of-bounds Read

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

CVE-2024-33050 7.5 - High - September 02, 2024

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

Out-of-bounds Read

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

CVE-2024-33048 7.5 - High - September 02, 2024

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

Out-of-bounds Read

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

CVE-2024-33045 7.8 - High - September 02, 2024

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

Memory Corruption

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

CVE-2024-33043 5.5 - Medium - September 02, 2024

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Memory corruption while passing untrusted/corrupted pointers

CVE-2024-33038 7.8 - High - September 02, 2024

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

Memory Corruption

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.

CVE-2024-33035 8.4 - High - September 02, 2024

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.

Memory corruption when user provides data for FM HCI command control operations.

CVE-2024-33052 7.8 - High - September 02, 2024

Memory corruption when user provides data for FM HCI command control operations.

Memory Corruption

Memory corruption when Alternative Frequency offset value is set to 255.

CVE-2024-33042 7.8 - High - September 02, 2024

Memory corruption when Alternative Frequency offset value is set to 255.

Memory Corruption

In power, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20084 4.4 - Medium - September 02, 2024

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.

Out-of-bounds Read

In power, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20085 4.4 - Medium - September 02, 2024

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.

Out-of-bounds Read

In vdec, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20086 6.7 - Medium - September 02, 2024

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551.

Memory Corruption

In vdec, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20087 6.7 - Medium - September 02, 2024

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550.

Memory Corruption

In keyinstall, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20088 4.4 - Medium - September 02, 2024

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543.

Out-of-bounds Read

In wlan, there is a possible denial of service due to incorrect error handling

CVE-2024-20089 7.5 - High - September 02, 2024

In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.

Improper Check for Unusual or Exceptional Conditions

Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84

CVE-2024-7964 8.8 - High - August 21, 2024

Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84

CVE-2024-8034 4.3 - Medium - August 21, 2024

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking

CVE-2024-32927 7.8 - High - August 19, 2024

In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow

CVE-2024-31333 - August 15, 2024

In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow

CVE-2024-34727 7.5 - High - August 15, 2024

In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Classic Buffer Overflow

In shouldWrite of OwnersData.java, there is a possible edge case

CVE-2024-34742 - August 15, 2024

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled

CVE-2024-34736 - August 15, 2024

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code

CVE-2024-34743 - August 15, 2024

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java

CVE-2024-34741 - August 15, 2024

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java

CVE-2024-34740 - August 15, 2024

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape

CVE-2024-34739 - August 15, 2024

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple functions of AppOpsService.java

CVE-2024-34738 - August 15, 2024

In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java

CVE-2024-34737 - August 15, 2024

In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app

CVE-2024-34734 - August 15, 2024

In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition

CVE-2024-34731 - August 15, 2024

In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In Modem, there is a possible memory corruption due to a missing bounds check

CVE-2024-20082 - August 14, 2024

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72

CVE-2024-6995 4.7 - Medium - August 06, 2024

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Transient DOS while processing TID-to-link mapping IE elements.

CVE-2024-33020 7.5 - High - August 05, 2024

Transient DOS while processing TID-to-link mapping IE elements.

Transient DOS while parsing the received TID-to-link mapping action frame.

CVE-2024-33019 7.5 - High - August 05, 2024

Transient DOS while parsing the received TID-to-link mapping action frame.

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.

CVE-2024-33018 7.5 - High - August 05, 2024

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such

CVE-2024-33015 7.5 - High - August 05, 2024

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

Transient DOS while parsing ESP IE

CVE-2024-33014 7.5 - High - August 05, 2024

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

CVE-2024-33013 7.5 - High - August 05, 2024

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

Transient DOS while parsing the multiple MBSSID IEs

CVE-2024-33012 7.5 - High - August 05, 2024

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

Transient DOS while parsing the MBSSID IE

CVE-2024-33011 7.5 - High - August 05, 2024

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

Transient DOS while parsing fragments of MBSSID IE

CVE-2024-33010 7.5 - High - August 05, 2024

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.

CVE-2024-23384 8.4 - High - August 05, 2024

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.

Memory corruption when kernel driver attempts to trigger hardware fences.

CVE-2024-23383 8.4 - High - August 05, 2024

Memory corruption when kernel driver attempts to trigger hardware fences.

Memory corruption while processing graphics kernel driver request to create DMA fence.

CVE-2024-23382 8.4 - High - August 05, 2024

Memory corruption while processing graphics kernel driver request to create DMA fence.

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.

CVE-2024-23381 8.4 - High - August 05, 2024

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

CVE-2024-33024 7.5 - High - August 05, 2024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

Memory corruption while creating a fence to wait on timeline events

CVE-2024-33023 8.4 - High - August 05, 2024

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

CVE-2024-23357 6.2 - Medium - August 05, 2024

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

Memory corruption during session sign renewal request calls in HLOS.

CVE-2024-23356 7.8 - High - August 05, 2024

Memory corruption during session sign renewal request calls in HLOS.

Memory corruption when keymaster operation imports a shared key.

CVE-2024-23355 - August 05, 2024

Memory corruption when keymaster operation imports a shared key.

Transient DOS while decoding attach reject message received by UE

CVE-2024-23353 7.5 - High - August 05, 2024

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

CVE-2024-23352 7.5 - High - August 05, 2024

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

CVE-2024-21481 8.4 - High - August 05, 2024

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

Permanent DOS when DL NAS transport receives multiple payloads such

CVE-2024-23350 6.5 - Medium - August 05, 2024

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CVE-2024-33025 7.5 - High - August 05, 2024

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

CVE-2024-33028 8.4 - High - August 05, 2024

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

CVE-2024-33027 - August 05, 2024

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

CVE-2024-33026 7.5 - High - August 05, 2024

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings

CVE-2024-33034 8.4 - High - August 05, 2024

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2024-4607 7.8 - High - August 05, 2024

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.

Dangling pointer

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2024-2937 7.8 - High - August 05, 2024

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.

Dangling pointer

Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88

CVE-2024-6990 8.8 - High - August 01, 2024

Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

Use of Uninitialized Resource

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app

CVE-2024-31317 - July 09, 2024

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

In newServiceInfoLocked of AutofillManagerServiceImpl.java

CVE-2024-31310 - July 09, 2024

In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In onResult of AccountManagerService.java

CVE-2024-31316 - July 09, 2024

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In CompanionDeviceManagerService.java

CVE-2024-31318 - July 09, 2024

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In updateNotificationChannel

CVE-2024-31319 - July 09, 2024

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden

CVE-2024-31322 - July 09, 2024

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In hide of WindowState.java

CVE-2024-31324 - July 09, 2024

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code

CVE-2024-31325 - July 09, 2024

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code

CVE-2024-31326 - July 09, 2024

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible information leak due to a missing permission check

CVE-2024-31312 - July 09, 2024

In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.

In onTransact of ParcelableListBinder.java, there is a possible way to steal m

CVE-2024-34723 - July 09, 2024

In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In smp_proc_rand of smp_act.cc

CVE-2024-34722 - July 09, 2024

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free

CVE-2024-31339 - July 09, 2024

In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check

CVE-2024-31332 - July 09, 2024

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation

CVE-2024-34721 - July 09, 2024

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp

CVE-2024-34720 - July 09, 2024

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code

CVE-2024-31331 - July 09, 2024

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
