Android Google Android Mobile operating system

Do you want an email whenever new security vulnerabilities are reported in Google Android?

Recent Google Android Security Advisories

Advisory Title Published
Pixel Update Bulletin—February 2024 | Android Open Source Project February 7, 2024
Pixel Update Bulletin—December 2023 | Android Open Source Project December 8, 2023
Android Security Bulletin—December 2023 | Android Open Source Project December 4, 2023
Chromecast Security Bulletin—September 2023 | Android Open Source Project November 29, 2023
Android 14 Security Release Notes | Android Open Source Project October 30, 2023
Pixel Update Bulletin—October 2023 | Android Open Source Project October 11, 2023
Android Security Bulletin—October 2023 | Android Open Source Project October 6, 2023
Android Security Bulletin—September 2023 | Android Open Source Project September 11, 2023
Wear OS Security Bulletin—August 2023 | Android Open Source Project August 14, 2023
Android Security Bulletin—August 2023 | Android Open Source Project August 14, 2023

By the Year

In 2024 there have been 1 vulnerability in Google Android with an average score of 7.8 out of ten. Last year Android had 661 security vulnerabilities published. Right now, Android is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 1.10.

Year Vulnerabilities Average Score
2024 1 7.80
2023 661 6.70
2022 898 6.45
2021 574 6.60
2020 699 7.00
2019 491 7.11
2018 294 7.58

It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Android Security Vulnerabilities

there is a possible out of bounds write due to a missing bounds check

CVE-2024-22012 7.8 - High - February 07, 2024

there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp

CVE-2023-48398 7.5 - High - December 08, 2023

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Out-of-bounds Read

In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2023-48399 5.5 - Medium - December 08, 2023

In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Out-of-bounds Read

In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp

CVE-2023-48404 7.5 - High - December 08, 2023

In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

there is a possible way for the secure world to write to NS memory due to a logic error in the code

CVE-2023-48405 6.7 - Medium - December 08, 2023

there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code

CVE-2023-48406 6.7 - Medium - December 08, 2023

there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code

CVE-2023-48414 6.7 - Medium - December 08, 2023

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2023-48415 5.5 - Medium - December 08, 2023

In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In multiple locations, there is a possible null dereference due to a missing null check

CVE-2023-48416 7.5 - High - December 08, 2023

In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

NULL Pointer Dereference

there is a possible use after free due to a race condition

CVE-2023-48420 6.4 - Medium - December 08, 2023

there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Race Condition

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c

CVE-2023-48421 7.8 - High - December 08, 2023

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2023-48422 5.5 - Medium - December 08, 2023

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check

CVE-2023-48423 9.8 - Critical - December 08, 2023

In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2023-48397 4.9 - Medium - December 08, 2023

In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check

CVE-2023-48401 5.5 - Medium - December 08, 2023

In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check

CVE-2023-48402 7.8 - High - December 08, 2023

In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AuthZ

In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2023-48408 5.5 - Medium - December 08, 2023

In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Out-of-bounds Read

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c

CVE-2023-48409 7.8 - High - December 08, 2023

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Integer Overflow or Wraparound

In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check

CVE-2023-48410 7.5 - High - December 08, 2023

In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp

CVE-2023-48411 5.5 - Medium - December 08, 2023

In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Out-of-bounds Read

In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code

CVE-2023-48412 5.5 - Medium - December 08, 2023

In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2023-48413 4.9 - Medium - December 08, 2023

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow

CVE-2023-48403 7.5 - High - December 08, 2023

In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

there is a possible DCK won't be deleted after factory reset due to a logic error in the code

CVE-2023-48407 7.8 - High - December 08, 2023

there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc

CVE-2023-40078 9.8 - Critical - December 04, 2023

In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass

CVE-2023-40079 7.8 - High - December 04, 2023

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code

CVE-2023-40080 7.8 - High - December 04, 2023

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy

CVE-2023-40081 5.5 - Medium - December 04, 2023

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto

CVE-2023-40082 9.8 - Critical - December 04, 2023

In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-40083 5.5 - Medium - December 04, 2023

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free

CVE-2023-40084 7.8 - High - December 04, 2023

In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2023-40087 8.8 - High - December 04, 2023

In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp

CVE-2023-40088 8.8 - High - December 04, 2023

In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In getCredentialManagerPolicy of DevicePolicyManagerService.java

CVE-2023-40089 7.8 - High - December 04, 2023

In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AuthZ

In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure

CVE-2023-40090 6.5 - Medium - December 04, 2023

In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Side Channel Attack

In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption

CVE-2023-40091 7.8 - High - December 04, 2023

In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy

CVE-2023-40092 5.5 - Medium - December 04, 2023

In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check

CVE-2023-40094 7.8 - High - December 04, 2023

In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AuthZ

In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check

CVE-2023-40095 7.8 - High - December 04, 2023

In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio

CVE-2023-40096 7.8 - High - December 04, 2023

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation

CVE-2023-40097 7.8 - High - December 04, 2023

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Improper Input Validation

In mOnDone of NotificationConversationInfo.java

CVE-2023-40098 5.5 - Medium - December 04, 2023

In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way to corrupt memory due to a double free

CVE-2023-40103 7.8 - High - December 04, 2023

In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Double-free

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2023-45773 7.8 - High - December 04, 2023

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy

CVE-2023-45774 7.8 - High - December 04, 2023

In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2023-45775 7.8 - High - December 04, 2023

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2023-45776 7.8 - High - December 04, 2023

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In checkKeyIntentParceledCorrectly of AccountManagerService.java

CVE-2023-45777 7.8 - High - December 04, 2023

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto

CVE-2023-45779 7.8 - High - December 04, 2023

In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-45781 5.5 - Medium - December 04, 2023

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure

CVE-2023-21227 7.5 - High - December 04, 2023

In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check

CVE-2023-21228 9.8 - Critical - December 04, 2023

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception

CVE-2023-21263 9.8 - Critical - December 04, 2023

In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow

CVE-2023-21401 9.8 - Critical - December 04, 2023

In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation

CVE-2023-21402 9.8 - Critical - December 04, 2023

In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception

CVE-2023-21403 9.8 - Critical - December 04, 2023

In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception

CVE-2023-35690 9.8 - Critical - December 04, 2023

In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free

CVE-2023-21162 9.8 - Critical - December 04, 2023

In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free

CVE-2023-21163 9.8 - Critical - December 04, 2023

In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free

CVE-2023-21164 9.8 - Critical - December 04, 2023

In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free

CVE-2023-21166 9.8 - Critical - December 04, 2023

In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition

CVE-2023-21215 9.8 - Critical - December 04, 2023

In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free

CVE-2023-21216 9.8 - Critical - December 04, 2023

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow

CVE-2023-21217 9.8 - Critical - December 04, 2023

In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check

CVE-2023-21218 9.8 - Critical - December 04, 2023

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition

CVE-2023-40077 8.1 - High - December 04, 2023

In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Race Condition

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials

CVE-2023-40076 5.5 - Medium - December 04, 2023

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check

CVE-2023-40075 5.5 - Medium - December 04, 2023

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation.

In saveToXml of PersistableBundle.java

CVE-2023-40074 5.5 - Medium - December 04, 2023

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy

CVE-2023-40073 5.5 - Medium - December 04, 2023

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy

CVE-2023-35668 5.5 - Medium - December 04, 2023

In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Remote code execution

CVE-2022-42536 9.8 - Critical - November 29, 2023

Remote code execution

Remote code execution

CVE-2022-42537 9.8 - Critical - November 29, 2023

Remote code execution

Elevation of privilege

CVE-2022-42538 9.8 - Critical - November 29, 2023

Elevation of privilege

Information disclosure

CVE-2022-42539 7.5 - High - November 29, 2023

Information disclosure

Elevation of privilege

CVE-2022-42540 9.8 - Critical - November 29, 2023

Elevation of privilege

Remote code execution

CVE-2022-42541 9.8 - Critical - November 29, 2023

Remote code execution

In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code

CVE-2023-21376 5.5 - Medium - October 30, 2023

In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In SELinux Policy, there is a possible restriction bypass due to a permissions bypass

CVE-2023-21377 5.5 - Medium - October 30, 2023

In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check

CVE-2023-21378 7.8 - High - October 30, 2023

In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AuthZ

In Bluetooth, there is a possible out of bounds read due to a missing bounds check

CVE-2023-21379 4.4 - Medium - October 30, 2023

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow

CVE-2023-21380 6.7 - Medium - October 30, 2023

In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free

CVE-2023-21381 7.8 - High - October 30, 2023

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In Content Resolver

CVE-2023-21382 5.5 - Medium - October 30, 2023

In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

AuthZ

In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt

CVE-2023-21383 5.5 - Medium - October 30, 2023

In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent

CVE-2023-21384 5.5 - Medium - October 30, 2023

In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

In Whitechapel, there is a possible out of bounds read due to memory corruption

CVE-2023-21385 5.5 - Medium - October 30, 2023

In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In Sysproxy, there is a possible out of bounds write due to an integer underflow

CVE-2023-21375 7.8 - High - October 30, 2023

In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Integer Overflow or Wraparound

In libdexfile, there is a possible out of bounds read due to a missing bounds check

CVE-2023-21372 7.8 - High - October 30, 2023

In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In System UI, there is a possible factory reset protection bypass due to a logic error in the code

CVE-2023-21374 7.8 - High - October 30, 2023

In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In Print Service, there is a possible background activity launch due to a logic error in the code

CVE-2023-45780 7.3 - High - October 30, 2023

In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check

CVE-2023-40101 5.5 - Medium - October 30, 2023

In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code

CVE-2023-21398 7.8 - High - October 30, 2023

In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value

CVE-2023-21397 7.8 - High - October 30, 2023

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In Activity Manager, there is a possible background activity launch due to a logic error in the code

CVE-2023-21396 7.8 - High - October 30, 2023

In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

In Settings, there is a possible way for the user to change SIM due to a missing permission check

CVE-2023-21393 7.8 - High - October 30, 2023

In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AuthZ

In Bluetooth, there is a possible out of bounds read due to a use after free

CVE-2023-21395 6.5 - Medium - October 30, 2023

In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure

CVE-2023-21387 4.4 - Medium - October 30, 2023

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Insertion of Sensitive Information into Log File

In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check

CVE-2023-21373 7.8 - High - October 30, 2023

In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AuthZ

In Bluetooth, there is a possible way to corrupt memory due to a use after free

CVE-2023-21392 8.8 - High - October 30, 2023

In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Google Android or by Google? Click the Watch button to subscribe.

Google
Vendor

Google Android
Mobile operating system

subscribe