Google Android vulnerabilities

CVE-2024-49832 [HIGH] CVE-2024-49832: Camera Android Security Bulletin 2025-02-01 CVE: CVE-2024-49832 Severity: HIGH Component: Camera References: A-377312238 QC-CR#3874301

CVE-2025-0100 [HIGH] CVE-2025-0100: Android Security Bulletin 2025-02-01 CVE: CVE-2025-0100 Severity: HIGH Type: ID Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-372670004 Android Security Bulletin 2025-02-01 CVE: CVE-2025-0100 Severity: HIGH Type: ID Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-372670004

CVE-2024-49729 [HIGH] CVE-2024-49729: Android Security Bulletin 2025-02-01 CVE: CVE-2024-49729 Severity: HIGH Type: ID Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-368069390 Android Security Bulletin 2025-02-01 CVE: CVE-2024-49729 Severity: HIGH Type: ID Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-368069390

CVE-2024-49843 [HIGH] CVE-2024-49843: Display Android Security Bulletin 2025-02-01 CVE: CVE-2024-49843 Severity: HIGH Component: Display References: A-377313194 QC-CR#3883522

CVE-2025-0094 [HIGH] CVE-2025-0094: Android Security Bulletin 2025-02-01 CVE: CVE-2025-0094 Severity: HIGH Type: EoP Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-352542820 Android Security Bulletin 2025-02-01 CVE: CVE-2025-0094 Severity: HIGH Type: EoP Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-352542820

CVE-2025-20634 [CRITICAL] CVE-2025-20634: Modem Android Security Bulletin 2025-02-01 CVE: CVE-2025-20634 Severity: HIGH Component: Modem References: A-381773169 M-MOLY01289384 *

CVE-2024-43705 [HIGH] CVE-2024-43705: PowerVR-GPU Android Security Bulletin 2025-02-01 CVE: CVE-2024-43705 Severity: HIGH Component: PowerVR-GPU References: A-372931317 PP-160756*

CVE-2025-0099 [HIGH] CVE-2025-0099: Android Security Bulletin 2025-02-01 CVE: CVE-2025-0099 Severity: HIGH Type: EoP Affected AOSP versions: 15 References: A-370962373 Android Security Bulletin 2025-02-01 CVE: CVE-2025-0099 Severity: HIGH Type: EoP Affected AOSP versions: 15 References: A-370962373

CVE-2024-49741 [HIGH] CVE-2024-49741: Android Security Bulletin 2025-02-01 CVE: CVE-2024-49741 Severity: HIGH Type: DoS Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-353240784 Android Security Bulletin 2025-02-01 CVE: CVE-2024-49741 Severity: HIGH Type: DoS Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-353240784

CVE-2025-0095 [HIGH] CVE-2025-0095: Android Security Bulletin 2025-02-01 CVE: CVE-2025-0095 Severity: HIGH Type: EoP Affected AOSP versions: 14, 15 References: A-356117796 Android Security Bulletin 2025-02-01 CVE: CVE-2025-0095 Severity: HIGH Type: EoP Affected AOSP versions: 14, 15 References: A-356117796

CVE-2025-0015 [HIGH] CVE-2025-0015: Mali Android Security Bulletin 2025-02-01 CVE: CVE-2025-0015 Severity: HIGH Component: Mali References: A-376311652 *

CVE-2024-47892 [HIGH] CVE-2024-47892: PowerVR-GPU Android Security Bulletin 2025-02-01 CVE: CVE-2024-47892 Severity: HIGH Component: PowerVR-GPU References: A-365954523 PP-160576 *

CVE-2024-45571 [HIGH] CVE-2024-45571: WLAN Android Security Bulletin 2025-02-01 CVE: CVE-2024-45571 Severity: HIGH Component: WLAN References: A-377313069 QC-CR#3834424

CVE-2025-0096 [HIGH] CVE-2025-0096: Android Security Bulletin 2025-02-01 CVE: CVE-2025-0096 Severity: HIGH Type: EoP Affected AOSP versions: 15 References: A-356630194 Android Security Bulletin 2025-02-01 CVE: CVE-2025-0096 Severity: HIGH Type: EoP Affected AOSP versions: 15 References: A-356630194

CVE-2024-34733 [HIGH] CWE-190 CVE-2024-34733: In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40675 [HIGH] CWE-835 CVE-2024-40675: In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validati In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40672 [HIGH] CWE-281 CVE-2024-40672: In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40677 [HIGH] CWE-862 CVE-2024-40677: In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass facto In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34748 [HIGH] CWE-416 CVE-2024-34748: In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to i In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34732 [HIGH] CWE-362 CVE-2024-34732: In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race con In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.