Google Android: Mobile operating system

Recent Google Android Security Advisories

| Advisory | Title | Published |
|---|---|---|
| 2024-07-01 | Android Security Bulletin—July 2024 | July 1, 2024 |
| | Pixel Update Bulletin—June 2024 \| Android Open Source Project | June 13, 2024 |
| 2024-06-01 | Android Security Bulletin—June 2024 | June 1, 2024 |
| 2024-05-15 | Android Security Bulletin—May 2024 | May 15, 2024 |
| | Pixel Update Bulletin—April 2024 \| Android Open Source Project | April 5, 2024 |
| 2024-04-01 | Android Security Bulletin—April 2024 | April 1, 2024 |
| 2024-03-01 | Android Security Bulletin—March 2024 | March 1, 2024 |
| | Pixel Update Bulletin—February 2024 \| Android Open Source Project | February 7, 2024 |
| 2024-02-01 | Android Security Bulletin—February 2024 | February 1, 2024 |
| 2024-01-01 | Android Security Bulletin—January 2024 | January 1, 2024 |

By the Year

In 2024 there have been 264 vulnerabilities in Google Android with an average score of 7.5 out of ten. Last year Android had 683 security vulnerabilities published. Right now, Android is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.76.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 264 | 7.50 |
| 2023 | 683 | 6.74 |
| 2022 | 898 | 6.45 |
| 2021 | 574 | 6.60 |
| 2020 | 699 | 7.00 |
| 2019 | 491 | 7.11 |
| 2018 | 294 | 7.58 |

It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Google Android Security Vulnerabilities

In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code

CVE-2024-31334 - July 09, 2024

In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation

CVE-2024-34721 - July 09, 2024

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In smp_proc_rand of smp_act.cc

CVE-2024-34722 - July 09, 2024

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free

CVE-2024-31339 - July 09, 2024

In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check

CVE-2024-31332 - July 09, 2024

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In onTransact of ParcelableListBinder.java, there is a possible way to steal m

CVE-2024-34723 - July 09, 2024

In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp

CVE-2024-34720 - July 09, 2024

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code

CVE-2024-31331 - July 09, 2024

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

In setSkipPrompt of AssociationRequest.java

CVE-2024-31320 - July 09, 2024

In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code

CVE-2024-31335 - July 09, 2024

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code

CVE-2024-23711 - July 09, 2024

In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check

CVE-2024-23698 - July 09, 2024

In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free

CVE-2024-23697 - July 09, 2024

In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free

CVE-2024-23696 - July 09, 2024

In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow

CVE-2024-23695 - July 09, 2024

In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition

CVE-2024-31327 - July 09, 2024

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking

CVE-2024-31323 - July 09, 2024

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of ManagedServices.java

CVE-2024-31315 - July 09, 2024

In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check

CVE-2024-31313 - July 09, 2024

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check

CVE-2024-31311 - July 09, 2024

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible permission bypass due to a confused deputy

CVE-2023-21114 - July 09, 2024

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible permission bypass due to a confused deputy

CVE-2023-21113 - July 09, 2024

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion

CVE-2024-31314 - July 09, 2024

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible information leak due to a missing permission check

CVE-2024-31312 - July 09, 2024

In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code

CVE-2024-31326 - July 09, 2024

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code

CVE-2024-31325 - July 09, 2024

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In hide of WindowState.java

CVE-2024-31324 - July 09, 2024

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden

CVE-2024-31322 - July 09, 2024

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In updateNotificationChannel

CVE-2024-31319 - July 09, 2024

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In CompanionDeviceManagerService.java

CVE-2024-31318 - July 09, 2024

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app

CVE-2024-31317 - July 09, 2024

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

In onResult of AccountManagerService.java

CVE-2024-31316 - July 09, 2024

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In newServiceInfoLocked of AutofillManagerServiceImpl.java

CVE-2024-31310 - July 09, 2024

In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition

CVE-2024-34724 - July 09, 2024

In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition

CVE-2024-34725 - July 09, 2024

In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code

CVE-2024-34726 - July 09, 2024

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

CVE-2024-21469 7.8 - High - July 01, 2024

Memory Corruption

Memory corruption while processing key blob passed by the user.

CVE-2024-21465 7.8 - High - July 01, 2024

Out-of-bounds Read

Transient DOS while loading the TA ELF file.

CVE-2024-21462 5.5 - Medium - July 01, 2024

Out-of-bounds Read

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

CVE-2024-21460 6.5 - Medium - July 01, 2024

Use of Insufficiently Random Values

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

CVE-2024-21461 7.8 - High - July 01, 2024

Double-free

Memory corruption while handling user packets during VBO bind operation.

CVE-2024-23380 7.8 - High - July 01, 2024

Dangling pointer

Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2024-23368 7.8 - High - July 01, 2024

Classic Buffer Overflow

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

CVE-2024-23372 7.8 - High - July 01, 2024

Integer Overflow or Wraparound

Memory corruption when IOMMU unmap operation fails

CVE-2024-23373 7.8 - High - July 01, 2024

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

Dangling pointer

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware

CVE-2024-0153 - July 01, 2024

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0.

In Modem, there is a possible system crash due to incorrect error handling

CVE-2024-20076 - July 01, 2024

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481.

In Modem, there is a possible system crash due to incorrect error handling

CVE-2024-20077 - July 01, 2024

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation

CVE-2024-29781 7.5 - High - June 13, 2024

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow

CVE-2024-29784 7.8 - High - June 13, 2024

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Integer Overflow or Wraparound

In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data

CVE-2024-29785 5.5 - Medium - June 13, 2024

In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check

CVE-2024-29786 9.8 - Critical - June 13, 2024

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free

CVE-2024-29787 7.8 - High - June 13, 2024

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition

CVE-2024-32891 7 - High - June 13, 2024

In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Race Condition

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion

CVE-2024-32892 7.8 - High - June 13, 2024

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Object Type Confusion

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting

CVE-2024-32893 5.5 - Medium - June 13, 2024

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check

CVE-2024-32894 7.5 - High - June 13, 2024

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check

CVE-2024-32895 7.8 - High - June 13, 2024

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp

CVE-2024-32897 5.9 - Medium - June 13, 2024

In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Out-of-bounds Read

In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2024-32898 4.7 - Medium - June 13, 2024

In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

Out-of-bounds Read

In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition

CVE-2024-32899 7 - High - June 13, 2024

In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

Race Condition

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking

CVE-2024-32900 7.8 - High - June 13, 2024

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check

CVE-2024-32901 7.8 - High - June 13, 2024

In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation

CVE-2024-32903 7.8 - High - June 13, 2024

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2024-32904 4.7 - Medium - June 13, 2024

In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

Out-of-bounds Read

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check

CVE-2024-32905 9.8 - Critical - June 13, 2024

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data

CVE-2024-32906 7.8 - High - June 13, 2024

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation

CVE-2024-32907 7.8 - High - June 13, 2024

In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Classic Buffer Overflow

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c

CVE-2024-29780 5.5 - Medium - June 13, 2024

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp

CVE-2024-29778 4.7 - Medium - June 13, 2024

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Out-of-bounds Read

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow

CVE-2024-32913 9.8 - Critical - June 13, 2024

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition

CVE-2024-32908 7.8 - High - June 13, 2024

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Race Condition

In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-32909 7.8 - High - June 13, 2024

In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

There is a possible persistent Denial of Service due to test/debugging code left in a production build

CVE-2024-32912 5.5 - Medium - June 13, 2024

There is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation.

Remote prevention of access to cellular service with no user interaction (for example

CVE-2024-32902 7.5 - High - June 13, 2024

Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)

There is a possible escalation of privilege due to improperly used crypto

CVE-2024-32911 9.8 - Critical - June 13, 2024

There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of a Broken or Risky Cryptographic Algorithm

In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data

CVE-2024-32910 5.5 - Medium - June 13, 2024

In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

There is a possible way to bypass due to a logic error in the code

CVE-2024-32896 7.8 - High - June 13, 2024

There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver

CVE-2024-4610 5.5 - Medium - June 07, 2024

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.

Dangling pointer

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

CVE-2023-43538 9.3 - Critical - June 03, 2024

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

Cryptographic issue while performing attach with an LTE network, a rogue base station

CVE-2023-43551 9.1 - Critical - June 03, 2024

Cryptographic issue while performing attach with an LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Memory corruption in Hypervisor when platform information mentioned is not aligned.

CVE-2023-43556 9.3 - Critical - June 03, 2024

Memory corruption in Hypervisor when platform information mentioned is not aligned.

Memory corruption while copying a keyblob's material when the key material's size is not accurately checked.

CVE-2023-43542 7.8 - High - June 03, 2024

Memory corruption while copying a keyblob's material when the key material's size is not accurately checked.

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

CVE-2024-23363 7.5 - High - June 03, 2024

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

In telephony, there is a possible information disclosure due to a missing permission check

CVE-2024-20065 - June 03, 2024

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394.

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check

CVE-2024-20069 - June 03, 2024

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.

In modem, there is a possible out of bounds write due to an incorrect bounds check

CVE-2024-20066 - June 03, 2024

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477.

In modem, there is a possible out of bounds write due to improper input validation

CVE-2024-20067 - June 03, 2024

In modem, there is a possible out of bounds write due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462.

In modem, there is a possible system crash due to improper input validation

CVE-2024-20068 - June 03, 2024

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-1479.

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto

CVE-2024-0042 - May 07, 2024

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion

CVE-2024-0027 - May 07, 2024

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion

CVE-2024-0026 - May 07, 2024

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DIS

CVE-2024-23704 - May 07, 2024

In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of AppOpsService.java

CVE-2024-23712 - May 07, 2024

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of CompanionDeviceManagerService.java

CVE-2024-0022 - May 07, 2024

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch of NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In migrateNotificationFilter of NotificationManagerService.java

CVE-2024-23713 - May 07, 2024

In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java

CVE-2024-23710 - May 07, 2024

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-23709 - May 07, 2024

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple locations, there is a possible permissions bypass due to improper input validation

CVE-2024-23707 - May 07, 2024

In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple locations

CVE-2024-0043 - May 07, 2024

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
