Google Android vulnerabilities

CVE-2024-43764 [HIGH] CVE-2024-43764: In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53838 [HIGH] CWE-787 CVE-2024-53838: In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of b In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53841 [HIGH] CWE-276 CVE-2024-53841: In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused depu In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43769 [HIGH] CWE-276 CVE-2024-43769: In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could pre In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43767 [HIGH] CWE-94 CVE-2024-43767: In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to i In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43768 [HIGH] CWE-787 CVE-2024-43768: In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overf In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43077 [HIGH] CWE-787 CVE-2024-43077: In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53835 [HIGH] CWE-276 CVE-2024-53835: there is a possible biometric bypass due to an unusual root cause. This could lead to local escalati there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-11624 [HIGH] CWE-276 CVE-2024-11624: there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to loca there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53833 [HIGH] CWE-787 CVE-2024-53833: In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to im In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53837 [HIGH] CWE-787 CVE-2024-53837: In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43097 [HIGH] CWE-787 CVE-2024-43097: In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overfl In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53836 [MEDIUM] CWE-787 CVE-2024-53836: In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buf In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53839 [MEDIUM] CWE-125 CVE-2024-53839: In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a miss In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

CVE-2024-47040 [CRITICAL] CWE-416 CVE-2024-47040: There is a possible UAF due to a logic error in the code. This could lead to local escalation of pri There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47038 [CRITICAL] CWE-787 CVE-2024-47038: In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for exploitation.

CVE-2024-47039 [CRITICAL] CWE-125 CVE-2024-47039: In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missin In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9388 [CRITICAL] CWE-191 CVE-2018-9388: In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound w In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.

CVE-2018-9416 [CRITICAL] CWE-787 CVE-2018-9416: In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cau In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9402 [HIGH] CWE-787 CVE-2018-9402: In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel.