Google Android Mobile operating system
Recent Google Android Security Advisories
Advisory | Title | Published |
---|---|---|
2024-09-01 | Android Security Bulletin—September 2024 | September 1, 2024 |
Pixel Update Bulletin—August 2024 | Android Open Source Project | August 19, 2024 | |
2024-08-01 | Android Security Bulletin—August 2024 | August 1, 2024 |
2024-07-01 | Android Security Bulletin—July 2024 | July 1, 2024 |
Pixel Update Bulletin—June 2024 | Android Open Source Project | June 13, 2024 | |
2024-06-01 | Android Security Bulletin—June 2024 | June 1, 2024 |
2024-05-15 | Android Security Bulletin—May 2024 | May 15, 2024 |
Pixel Update Bulletin—April 2024 | Android Open Source Project | April 5, 2024 | |
2024-04-01 | Android Security Bulletin—April 2024 | April 1, 2024 |
2024-03-01 | Android Security Bulletin—March 2024 | March 1, 2024 |
By the Year
In 2024 there have been 356 vulnerabilities in Google Android with an average score of 7.4 out of ten. Last year Android had 687 security vulnerabilities published. Right now, Android is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.69.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 356 | 7.43 |
2023 | 687 | 6.74 |
2022 | 898 | 6.45 |
2021 | 574 | 6.60 |
2020 | 699 | 7.00 |
2019 | 491 | 7.11 |
2018 | 294 | 7.58 |
It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Android Security Vulnerabilities
Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severity Vulnerability
CVE-2024-31336
- September 11, 2024
Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severity Vulnerability, aka A-337949672.
In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition
CVE-2024-23716
- September 11, 2024
In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In getRegistration of RemoteProvisioningService.java
CVE-2024-40659
- September 11, 2024
In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
In handleCreateConferenceComplete of ConnectionServiceWrapper.java
CVE-2024-40656
- September 11, 2024
In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
In addPreferencesForType of AccountTypePreferenceLoader.java
CVE-2024-40657
- September 11, 2024
In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In bindAndGetCallIdentification of CallScreeningServiceHelper.java
CVE-2024-40655
- September 11, 2024
In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In multiple locations, there is a possible permission bypass due to a confused deputy
CVE-2024-40654
- September 11, 2024
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In onCreate of SettingsHomepageActivity.java
CVE-2024-40652
- September 11, 2024
In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In wifi_item_edit_content of styles.xml, there is a possible FRP bypass due to missing check for FRP state
CVE-2024-40650
- September 11, 2024
In wifi_item_edit_content of styles.xml, there is a possible FRP bypass due to missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation
CVE-2024-40662
- September 11, 2024
In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow
CVE-2024-40658
- September 11, 2024
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver
CVE-2024-3655
- September 03, 2024
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.
Cryptographic issue while parsing RSA keys in COBR format.
CVE-2024-23362
7.1 - High
- September 02, 2024
Cryptographic issue while parsing RSA keys in COBR format.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received
CVE-2024-23359
8.2 - High
- September 02, 2024
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
CVE-2024-23358
7.5 - High
- September 02, 2024
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
Memory corruption when two threads try to map and unmap a single node simultaneously.
CVE-2024-33060
7.8 - High
- September 02, 2024
Memory corruption when two threads try to map and unmap a single node simultaneously.
Dangling pointer
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
CVE-2024-33057
7.5 - High
- September 02, 2024
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
Out-of-bounds Read
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame
CVE-2024-23364
7.5 - High
- September 02, 2024
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
Memory corruption while releasing shared resources in MinkSocket listener thread.
CVE-2024-23365
8.4 - High
- September 02, 2024
Memory corruption while releasing shared resources in MinkSocket listener thread.
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2024-33054
7.8 - High
- September 02, 2024
Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
Memory Corruption
Memory corruption when an invalid firehose patch command is invoked.
CVE-2024-33016
6.8 - Medium
- September 02, 2024
Memory corruption when an invalid firehose patch command is invoked.
Transient DOS while processing TIM IE
CVE-2024-33051
7.5 - High
- September 02, 2024
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Out-of-bounds Read
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
CVE-2024-33050
7.5 - High
- September 02, 2024
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Out-of-bounds Read
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-33048
7.5 - High
- September 02, 2024
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
Out-of-bounds Read
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
CVE-2024-33045
7.8 - High
- September 02, 2024
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Memory Corruption
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
CVE-2024-33043
5.5 - Medium
- September 02, 2024
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
Memory corruption while passing untrusted/corrupted pointers
CVE-2024-33038
7.8 - High
- September 02, 2024
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
Memory Corruption
Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2024-33035
8.4 - High
- September 02, 2024
Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-33052
7.8 - High
- September 02, 2024
Memory corruption when user provides data for FM HCI command control operations.
Memory Corruption
Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-33042
7.8 - High
- September 02, 2024
Memory corruption when Alternative Frequency offset value is set to 255.
Memory Corruption
In power, there is a possible out of bounds read due to a missing bounds check
CVE-2024-20084
4.4 - Medium
- September 02, 2024
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.
Out-of-bounds Read
In power, there is a possible out of bounds read due to a missing bounds check
CVE-2024-20085
4.4 - Medium
- September 02, 2024
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.
Out-of-bounds Read
In vdec, there is a possible out of bounds write due to a missing bounds check
CVE-2024-20086
6.7 - Medium
- September 02, 2024
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551.
Memory Corruption
In vdec, there is a possible out of bounds write due to a missing bounds check
CVE-2024-20087
6.7 - Medium
- September 02, 2024
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550.
Memory Corruption
In keyinstall, there is a possible out of bounds read due to a missing bounds check
CVE-2024-20088
4.4 - Medium
- September 02, 2024
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543.
Out-of-bounds Read
In wlan, there is a possible denial of service due to incorrect error handling
CVE-2024-20089
7.5 - High
- September 02, 2024
In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.
Improper Check for Unusual or Exceptional Conditions
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84
CVE-2024-7964
8.8 - High
- August 21, 2024
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84
CVE-2024-8034
4.3 - Medium
- August 21, 2024
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking
CVE-2024-32927
7.8 - High
- August 19, 2024
In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Dangling pointer
In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow
CVE-2024-31333
- August 15, 2024
In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow
CVE-2024-34727
7.5 - High
- August 15, 2024
In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Classic Buffer Overflow
In shouldWrite of OwnersData.java, there is a possible edge case
CVE-2024-34742
- August 15, 2024
In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled
CVE-2024-34736
- August 15, 2024
In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code
CVE-2024-34743
- August 15, 2024
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java
CVE-2024-34741
- August 15, 2024
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java
CVE-2024-34740
- August 15, 2024
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape
CVE-2024-34739
- August 15, 2024
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In multiple functions of AppOpsService.java
CVE-2024-34738
- August 15, 2024
In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java
CVE-2024-34737
- August 15, 2024
In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app
CVE-2024-34734
- August 15, 2024
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition
CVE-2024-34731
- August 15, 2024
In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In Modem, there is a possible memory corruption due to a missing bounds check
CVE-2024-20082
- August 14, 2024
In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72
CVE-2024-6995
4.7 - Medium
- August 06, 2024
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Transient DOS while processing TID-to-link mapping IE elements.
CVE-2024-33020
7.5 - High
- August 05, 2024
Transient DOS while processing TID-to-link mapping IE elements.
Transient DOS while parsing the received TID-to-link mapping action frame.
CVE-2024-33019
7.5 - High
- August 05, 2024
Transient DOS while parsing the received TID-to-link mapping action frame.
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
CVE-2024-33018
7.5 - High
- August 05, 2024
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such
CVE-2024-33015
7.5 - High
- August 05, 2024
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
Transient DOS while parsing ESP IE
CVE-2024-33014
7.5 - High
- August 05, 2024
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2024-33013
7.5 - High
- August 05, 2024
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
Transient DOS while parsing the multiple MBSSID IEs
CVE-2024-33012
7.5 - High
- August 05, 2024
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
Transient DOS while parsing the MBSSID IE
CVE-2024-33011
7.5 - High
- August 05, 2024
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
Transient DOS while parsing fragments of MBSSID IE
CVE-2024-33010
7.5 - High
- August 05, 2024
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
CVE-2024-23384
8.4 - High
- August 05, 2024
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
Memory corruption when kernel driver attempts to trigger hardware fences.
CVE-2024-23383
8.4 - High
- August 05, 2024
Memory corruption when kernel driver attempts to trigger hardware fences.
Memory corruption while processing graphics kernel driver request to create DMA fence.
CVE-2024-23382
8.4 - High
- August 05, 2024
Memory corruption while processing graphics kernel driver request to create DMA fence.
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
CVE-2024-23381
8.4 - High
- August 05, 2024
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
CVE-2024-33024
7.5 - High
- August 05, 2024
Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
Memory corruption while creating a fence to wait on timeline events
CVE-2024-33023
8.4 - High
- August 05, 2024
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
CVE-2024-23357
6.2 - Medium
- August 05, 2024
Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
Memory corruption during session sign renewal request calls in HLOS.
CVE-2024-23356
7.8 - High
- August 05, 2024
Memory corruption during session sign renewal request calls in HLOS.
Memory corruption when keymaster operation imports a shared key.
CVE-2024-23355
- August 05, 2024
Memory corruption when keymaster operation imports a shared key.
Transient DOS while decoding attach reject message received by UE
CVE-2024-23353
7.5 - High
- August 05, 2024
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
CVE-2024-23352
7.5 - High
- August 05, 2024
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
CVE-2024-21481
8.4 - High
- August 05, 2024
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
Permanent DOS when DL NAS transport receives multiple payloads such
CVE-2024-23350
6.5 - Medium
- August 05, 2024
Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
CVE-2024-33025
7.5 - High
- August 05, 2024
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-33028
8.4 - High
- August 05, 2024
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
CVE-2024-33027
- August 05, 2024
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
CVE-2024-33026
7.5 - High
- August 05, 2024
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings
CVE-2024-33034
8.4 - High
- August 05, 2024
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver
CVE-2024-4607
7.8 - High
- August 05, 2024
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
Dangling pointer
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver
CVE-2024-2937
7.8 - High
- August 05, 2024
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
Dangling pointer
Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88
CVE-2024-6990
8.8 - High
- August 01, 2024
Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Use of Uninitialized Resource
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app
CVE-2024-31317
- July 09, 2024
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
In newServiceInfoLocked of AutofillManagerServiceImpl.java
CVE-2024-31310
- July 09, 2024
In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In onResult of AccountManagerService.java
CVE-2024-31316
- July 09, 2024
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In CompanionDeviceManagerService.java
CVE-2024-31318
- July 09, 2024
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In updateNotificationChannel
CVE-2024-31319
- July 09, 2024
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden
CVE-2024-31322
- July 09, 2024
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In hide of WindowState.java
CVE-2024-31324
- July 09, 2024
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code
CVE-2024-31325
- July 09, 2024
In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code
CVE-2024-31326
- July 09, 2024
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible information leak due to a missing permission check
CVE-2024-31312
- July 09, 2024
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.
In onTransact of ParcelableListBinder.java, there is a possible way to steal m
CVE-2024-34723
- July 09, 2024
In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In smp_proc_rand of smp_act.cc
CVE-2024-34722
- July 09, 2024
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free
CVE-2024-31339
- July 09, 2024
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check
CVE-2024-31332
- July 09, 2024
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation
CVE-2024-34721
- July 09, 2024
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp
CVE-2024-34720
- July 09, 2024
In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code
CVE-2024-31331
- July 09, 2024
In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.