Google Android (Android mobile operating system)

Recent Google Android Security Advisories

| Advisory Title | Published |
| --- | --- |
| 2024-05-15 Android Security Bulletin—May 2024 | May 15, 2024 |
| Pixel Update Bulletin—April 2024, Android Open Source Project | April 5, 2024 |
| 2024-04-01 Android Security Bulletin—April 2024 | April 1, 2024 |
| 2024-03-01 Android Security Bulletin—March 2024 | March 1, 2024 |
| Pixel Update Bulletin—February 2024, Android Open Source Project | February 7, 2024 |
| 2024-02-01 Android Security Bulletin—February 2024 | February 1, 2024 |
| 2024-01-01 Android Security Bulletin—January 2024 | January 1, 2024 |
| Pixel Update Bulletin—December 2023, Android Open Source Project | December 8, 2023 |
| Android Security Bulletin—December 2023, Android Open Source Project | December 4, 2023 |
| Chromecast Security Bulletin—September 2023, Android Open Source Project | November 29, 2023 |

By the Year

In 2024 there have been 171 vulnerabilities in Google Android, with an average score of 7.6 out of ten. Last year Android had 683 security vulnerabilities published. Right now, Android is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.82.

| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2024 | 171 | 7.56 |
| 2023 | 683 | 6.74 |
| 2022 | 898 | 6.45 |
| 2021 | 574 | 6.60 |
| 2020 | 699 | 7.00 |
| 2019 | 491 | 7.11 |
| 2018 | 294 | 7.58 |

It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Google Android Security Vulnerabilities

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion

CVE-2024-0027 - May 07, 2024

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto

CVE-2024-0042 - May 07, 2024

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion

CVE-2024-0026 - May 07, 2024

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DIS

CVE-2024-23704 - May 07, 2024

In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of AppOpsService.java

CVE-2024-23712 - May 07, 2024

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of CompanionDeviceManagerService.java

CVE-2024-0022 - May 07, 2024

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In migrateNotificationFilter of NotificationManagerService.java

CVE-2024-23713 - May 07, 2024

In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java

CVE-2024-23710 - May 07, 2024

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-23709 - May 07, 2024

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple locations, there is a possible permissions bypass due to improper input validation

CVE-2024-23707 - May 07, 2024

In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple locations

CVE-2024-0043 - May 07, 2024

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple locations, there is a possible bypass of health data permissions due to an improper input validation

CVE-2024-23706 - May 07, 2024

In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of NotificationManagerService.java

CVE-2024-23708 - May 07, 2024

In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation

CVE-2024-23705 - May 07, 2024

In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error

CVE-2024-0025 - May 07, 2024

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple methods of UserManagerService.java

CVE-2024-0024 - May 07, 2024

In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Memory corruption while playing audio file having large-sized input buffer.

CVE-2024-21480 7.3 - High - May 06, 2024

Memory corruption while playing audio file having large-sized input buffer.

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

CVE-2024-21477 - May 06, 2024

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

Memory corruption while verifying the serialized header when the key pairs are generated.

CVE-2023-43531 8.4 - High - May 06, 2024

Memory corruption while verifying the serialized header when the key pairs are generated.

Memory corruption in HLOS while checking for the storage type.

CVE-2023-43530 5.9 - Medium - May 06, 2024

Memory corruption in HLOS while checking for the storage type.

Transient DOS while processing IKEv2 Informational request messages

CVE-2023-43529 7.5 - High - May 06, 2024

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Memory corruption while loading a VM from a signed VM image

CVE-2023-33119 8.4 - High - May 06, 2024

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

Memory corruption when the IOCTL call is interrupted by a signal.

CVE-2024-23354 8.4 - High - May 06, 2024

Memory corruption when the IOCTL call is interrupted by a signal.

Memory corruption as GPU registers beyond the last protected range

CVE-2024-23351 8.4 - High - May 06, 2024

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Memory corruption when the payload received

CVE-2024-21475 7.8 - High - May 06, 2024

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

CVE-2024-21471 8.4 - High - May 06, 2024

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

In keyInstall, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20057 - May 06, 2024

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881.

In preloader, there is a possible escalation of privilege due to an insecure default value

CVE-2024-20056 - May 06, 2024

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

In keyInstall, there is a possible out of bounds write due to a missing bounds check

CVE-2023-32873 - May 06, 2024

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227.

In DA, there is a possible permission bypass due to an incorrect status check

CVE-2023-32871 - May 06, 2024

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2024-1395 - May 03, 2024

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system's memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This issue affects Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2024-1067 - May 03, 2024

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r47p0; Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2023-6363 - May 03, 2024

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system's memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.

there is a possible Information Disclosure due to uninitialized data

CVE-2024-29745 5.5 - Medium - April 05, 2024

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

Memory corruption when there is failed unmap operation in GPU.

CVE-2024-21468 8.4 - High - April 01, 2024

Memory corruption when there is failed unmap operation in GPU.

Memory corruption in Kernel while handling GPU operations.

CVE-2024-21472 8.4 - High - April 01, 2024

Memory corruption in Kernel while handling GPU operations.

Memory corruption in SPS Application while requesting for public key in sorter TA.

CVE-2023-28547 8.4 - High - April 01, 2024

Memory corruption in SPS Application while requesting for public key in sorter TA.

Memory corruption while processing finish_sign command to pass a rsp buffer.

CVE-2023-33023 8.4 - High - April 01, 2024

Memory corruption while processing finish_sign command to pass a rsp buffer.

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

CVE-2023-33099 7.5 - High - April 01, 2024

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

CVE-2023-33100 - April 01, 2024

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

CVE-2023-33101 7.5 - High - April 01, 2024

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

Memory corruption while processing buffer initialization

CVE-2023-33115 - April 01, 2024

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

CVE-2024-21463 7.3 - High - April 01, 2024

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

In modem protocol, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20039 - April 01, 2024

In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215.

In wlan firmware, there is a possible out of bounds write due to improper input validation

CVE-2024-20040 - April 01, 2024

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.

In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation

CVE-2024-0044 - March 11, 2024

In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In installExistingPackageAsUser of InstallPackageHelper.java

CVE-2024-0046 - March 11, 2024

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In Session of AccountManagerService.java

CVE-2024-0048 - March 11, 2024

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-0049 - March 11, 2024

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check

CVE-2024-0050 - March 11, 2024

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.

In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-0051 - March 11, 2024

In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy

CVE-2024-0053 - March 11, 2024

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code

CVE-2024-0047 - March 11, 2024

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2024-0039 - March 11, 2024

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

In access_secure_service_

CVE-2024-23717 - March 11, 2024

In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation

CVE-2024-0045 - March 11, 2024

In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check

CVE-2024-0052 - March 11, 2024

In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2023-6241 - March 04, 2024

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system's memory is carefully prepared by the user, then this in turn could cause a use-after-free. This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.

Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.

CVE-2023-28582 9.8 - Critical - March 04, 2024

Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.

Transient DOS while processing IE fragments

CVE-2023-33084 7.5 - High - March 04, 2024

Transient DOS while processing IE fragments from server during DTLS handshake.

Transient DOS while processing multiple IKEV2 Informational Request to device

CVE-2023-33086 7.5 - High - March 04, 2024

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

CVE-2023-33095 7.5 - High - March 04, 2024

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

Transient DOS while processing DL NAS Transport message

CVE-2023-33096 7.5 - High - March 04, 2024

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

Transient DOS while processing CAG info IE received

CVE-2023-33103 7.5 - High - March 04, 2024

Transient DOS while processing CAG info IE received from NW.

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

CVE-2023-33104 7.5 - High - March 04, 2024

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

Memory corruption while invoking HGSL IOCTL context create.

CVE-2023-43546 8.4 - High - March 04, 2024

Memory corruption while invoking HGSL IOCTL context create.

Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

CVE-2023-43547 8.4 - High - March 04, 2024

Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

Memory corruption while processing a QMI request for allocating memory

CVE-2023-43550 7.8 - High - March 04, 2024

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.

Memory corruption while processing MBSSID beacon containing several subelement IE.

CVE-2023-43552 9.8 - Critical - March 04, 2024

Memory corruption while processing MBSSID beacon containing several subelement IE.

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

CVE-2023-43553 9.8 - Critical - March 04, 2024

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

Memory corruption in Core Services while executing the command for removing a single event listener.

CVE-2023-28578 9.3 - Critical - March 04, 2024

Memory corruption in Core Services while executing the command for removing a single event listener.

Memory corruption in Audio while processing RT proxy port register driver.

CVE-2023-33066 - March 04, 2024

Memory corruption in Audio while processing RT proxy port register driver.

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

CVE-2023-33105 7.5 - High - March 04, 2024

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

CVE-2023-43539 7.5 - High - March 04, 2024

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

Memory corruption while parsing qcp clip with invalid chunk data size.

CVE-2023-43548 7.3 - High - March 04, 2024

Memory corruption while parsing qcp clip with invalid chunk data size.

Memory corruption while processing TPC target power table in FTM TPC.

CVE-2023-43549 8.4 - High - March 04, 2024

Memory corruption while processing TPC target power table in FTM TPC.

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2023-6143 - March 04, 2024

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system's memory is carefully prepared by the user and the system is under heavy load, then this in turn could cause a use-after-free. This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r1p0 through r18p0; Valhall GPU Kernel Driver: from r37p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.

In da, there is a possible permission bypass due to a missing permission check

CVE-2024-20005 - March 04, 2024

In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.

In lk, there is a possible escalation of privilege due to a missing bounds check

CVE-2024-20022 - March 04, 2024

In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.

In flashc, there is a possible out of bounds write due to lack of validation

CVE-2024-20023 - March 04, 2024

In flashc, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.

In flashc, there is a possible out of bounds write due to lack of validation

CVE-2024-20024 - March 04, 2024

In flashc, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635.

In da, there is a possible out of bounds write due to an integer overflow

CVE-2024-20025 - March 04, 2024

In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.

In da, there is a possible out of bounds write due to improper input validation

CVE-2024-20027 - March 04, 2024

In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633.

In da, there is a possible out of bounds write due to lack of validation

CVE-2024-20028 - March 04, 2024

In da, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541687.

In OPTEE, there is a possible out of bounds write due to an incorrect bounds check

CVE-2024-20020 - March 04, 2024

In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.

In da, there is a possible information disclosure due to improper input validation

CVE-2024-20026 - March 04, 2024

In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541632.

In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-0018 - February 16, 2024

In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2024-0023 - February 16, 2024

In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In setListening of AppOpsControllerImpl.java

CVE-2024-0019 - February 16, 2024

In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

In onCreate of NotificationAccessConfirmationActivity.java

CVE-2024-0021 - February 16, 2024

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple locations, there is a possible out of bounds read due to a missing bounds check

CVE-2024-0016 - February 16, 2024

In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass

CVE-2024-0017 - February 16, 2024

In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

In onActivityResult of NotificationSoundPreference.java

CVE-2024-0020 - February 16, 2024

In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection

CVE-2024-0015 - February 16, 2024

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2023-40085 - February 16, 2024

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free

CVE-2023-21165 - February 16, 2024

In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code

CVE-2024-0029 - February 16, 2024

In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories

CVE-2024-0032 - February 16, 2024

In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass

CVE-2024-0034 - February 16, 2024

In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities

CVE-2024-0036 - February 16, 2024

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
