Google Android vulnerabilities

CVE-2023-40646 [MEDIUM] CWE-862 CVE-2023-40646: In Messaging, there is a possible missing permission check. This could lead to local information dis In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-40640 [MEDIUM] CWE-862 CVE-2023-40640: In SoundRecorder service, there is a possible missing permission check. This could lead to local inf In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE-2023-40643 [MEDIUM] CWE-862 CVE-2023-40643: In Messaging, there is a possible missing permission check. This could lead to local information dis In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-40648 [MEDIUM] CWE-862 CVE-2023-40648: In Messaging, there is a possible missing permission check. This could lead to local information dis In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-40649 [MEDIUM] CWE-862 CVE-2023-40649: In Messaging, there is a possible missing permission check. This could lead to local information dis In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-40645 [MEDIUM] CWE-862 CVE-2023-40645: In Messaging, there is a possible missing permission check. This could lead to local information dis In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-40639 [MEDIUM] CWE-862 CVE-2023-40639: In SoundRecorder service, there is a possible missing permission check. This could lead to local inf In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE-2023-40650 [MEDIUM] CWE-862 CVE-2023-40650: In Telecom service, there is a possible missing permission check. This could lead to local informati In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-21266 [HIGH] CVE-2023-21266: In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21244 [MEDIUM] CWE-862 CVE-2023-21244: In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a mi In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21252 [MEDIUM] CVE-2023-21252: In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21291 [MEDIUM] CWE-862 CVE-2023-21291: In visitUris of Notification.java, there is a possible way to reveal image contents from another use In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21253 [MEDIUM] CWE-400 CVE-2023-21253: In multiple locations, there is a possible way to crash multiple system services due to resource exh In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-32820 [HIGH] CWE-617 CVE-2023-32820: In wlan firmware, there is a possible firmware assertion due to improper input handling. This could In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637.

CVE-2023-32830 [MEDIUM] CWE-787 CVE-2023-32830: In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

CVE-2023-32823 [MEDIUM] CWE-190 CVE-2023-32823: In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to lo In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966.

CVE-2023-32826 [MEDIUM] CWE-787 CVE-2023-32826: In camera middleware, there is a possible out of bounds write due to a missing input validation. Thi In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.

CVE-2023-32824 [MEDIUM] CWE-415 CVE-2023-32824: In rpmb , there is a possible double free due to improper locking. This could lead to local escalati In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961.

CVE-2023-32828 [MEDIUM] CWE-190 CVE-2023-32828: In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.

CVE-2023-32821 [MEDIUM] CWE-787 CVE-2023-32821: In video, there is a possible out of bounds write due to a permissions bypass. This could lead to lo In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALPS08013433.