Google Android vulnerabilities

CVE-2023-20830 [MEDIUM] CWE-787 CVE-2023-20830: In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.

CVE-2023-38457 [MEDIUM] CWE-862 CVE-2023-38457: In vowifiservice, there is a possible missing permission check.This could lead to local denial of se In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-20822 [MEDIUM] CWE-787 CVE-2023-20822: In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012.

CVE-2023-38439 [MEDIUM] CWE-862 CVE-2023-38439: In vowifiservice, there is a possible missing permission check.This could lead to local information In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38445 [MEDIUM] CWE-862 CVE-2023-38445: In vowifiservice, there is a possible missing permission check.This could lead to local denial of se In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-32817 [MEDIUM] CWE-125 CVE-2023-32817: In gnss service, there is a possible out of bounds read due to improper input validation. This could In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.

CVE-2023-28581 [CRITICAL] CVE-2023-28581: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2023-28581 Severity: CRITICAL Component: Closed-source component References: A-285902431 *

CVE-2022-40534 [HIGH] CVE-2022-40534: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2022-40534 Severity: HIGH Component: Closed-source component References: A-288580358 *

CVE-2023-21653 [HIGH] CVE-2023-21653: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2023-21653 Severity: HIGH Component: Closed-source component References: A-271880270 *

CVE-2023-33016 [HIGH] CVE-2023-33016: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2023-33016 Severity: HIGH Component: Closed-source component References: A-285902923 *

CVE-2023-33021 [HIGH] CVE-2023-33021: Display Android Security Bulletin 2023-09-01 CVE: CVE-2023-33021 Severity: HIGH Component: Display References: A-285903020 QC-CR#3397562 [2]

CVE-2023-33015 [HIGH] CVE-2023-33015: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2023-33015 Severity: HIGH Component: Closed-source component References: A-285903140 *

CVE-2023-28573 [HIGH] CVE-2023-28573: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2023-28573 Severity: HIGH Component: Closed-source component References: A-285902920 *

CVE-2023-33019 [HIGH] CVE-2023-33019: WLAN Android Security Bulletin 2023-09-01 CVE: CVE-2023-33019 Severity: HIGH Component: WLAN References: A-285903027 QC-CR#3403638

CVE-2023-28584 [HIGH] CVE-2023-28584: WLAN Android Security Bulletin 2023-09-01 CVE: CVE-2023-28584 Severity: HIGH Component: WLAN References: A-285903061 QC-CR#3390251

CVE-2023-21646 [HIGH] CVE-2023-21646: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2023-21646 Severity: HIGH Component: Closed-source component References: A-271879257 *

CVE-2023-28538 [HIGH] CVE-2023-28538: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2023-28538 Severity: HIGH Component: Closed-source component References: A-280341574 *

CVE-2023-28549 [HIGH] CVE-2023-28549: Closed-source component Android Security Bulletin 2023-09-01 CVE: CVE-2023-28549 Severity: HIGH Component: Closed-source component References: A-280342096 *

CVE-2023-21287 [CRITICAL] CWE-843 CVE-2023-21287: In multiple locations, there is a possible code execution due to type confusion. This could lead to In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20965 [CRITICAL] CWE-522 CVE-2023-20965: In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.