Google Android vulnerabilities

CVE-2023-38465 [MEDIUM] CWE-862 CVE-2023-38465: In ims service, there is a possible missing permission check. This could lead to local information d In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE-2023-33917 [MEDIUM] CWE-862 CVE-2023-33917: In vowifiservice, there is a possible missing permission check.This could lead to local information In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-20827 [MEDIUM] CWE-362 CVE-2023-20827: In ims service, there is a possible memory corruption due to a race condition. This could lead to lo In ims service, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937105; Issue ID: ALPS07937105.

CVE-2023-20821 [MEDIUM] CWE-787 CVE-2023-20821: In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.

CVE-2023-20832 [MEDIUM] CWE-787 CVE-2023-20832: In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.

CVE-2023-20841 [MEDIUM] CWE-787 CVE-2023-20841: In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.

CVE-2023-32808 [MEDIUM] CVE-2023-32808: In bluetooth driver, there is a possible read and write access to registers due to improper access c In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.

CVE-2023-33916 [MEDIUM] CWE-862 CVE-2023-33916: In vowifiservice, there is a possible missing permission check.This could lead to local information In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-20848 [MEDIUM] CWE-125 CVE-2023-20848: In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This c In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.

CVE-2023-32807 [MEDIUM] CWE-125 CVE-2023-32807: In wlan service, there is a possible out of bounds read due to improper input validation. This could In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588360; Issue ID: ALPS07588360.

CVE-2023-38448 [MEDIUM] CWE-862 CVE-2023-38448: In vowifiservice, there is a possible missing permission check.This could lead to local denial of se In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38463 [MEDIUM] CWE-862 CVE-2023-38463: In vowifiservice, there is a possible missing permission check.This could lead to local denial of se In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-20849 [MEDIUM] CWE-416 CVE-2023-20849: In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.

CVE-2023-20828 [MEDIUM] CWE-787 CVE-2023-20828: In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.

CVE-2023-32811 [MEDIUM] CWE-787 CVE-2023-32811: In connectivity system driver, there is a possible out of bounds write due to improper input validat In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.

CVE-2023-32814 [MEDIUM] CWE-125 CVE-2023-32814: In gnss service, there is a possible out of bounds read due to improper input validation. This could In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.

CVE-2022-48453 [MEDIUM] CWE-787 CVE-2022-48453: In camera driver, there is a possible out of bounds write due to a missing bounds check. This could In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2023-38467 [MEDIUM] CWE-787 CVE-2023-38467: In urild service, there is a possible out of bounds write due to a missing bounds check. This could In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2022-47353 [MEDIUM] CWE-20 CVE-2022-47353: In vdsp device, there is a possible system crash due to improper input validation.This could lead to In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed

CVE-2023-20829 [MEDIUM] CWE-787 CVE-2023-20829: In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.