Google Android vulnerabilities

CVE-2024-40649 [HIGH] CWE-416 CVE-2024-40649: In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9373 [HIGH] CWE-787 CVE-2018-9373: In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a miss In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40669 [HIGH] CWE-416 CVE-2024-40669: In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40676 [HIGH] CWE-843 CVE-2024-40676: In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security c In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40651 [HIGH] CWE-416 CVE-2024-40651: In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40670 [HIGH] CWE-416 CVE-2024-40670: In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9378 [MEDIUM] CWE-908 CVE-2018-9378: In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disc In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13317 [MEDIUM] CWE-125 CVE-2017-13317: In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due t In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-40674 [MEDIUM] CWE-120 CVE-2024-40674: In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configur In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13318 [MEDIUM] CWE-125 CVE-2017-13318: In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an i In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-40673 [MEDIUM] CWE-94 CVE-2024-40673: In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by mani In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49748 [CRITICAL] CWE-787 CVE-2024-49748: In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49747 [CRITICAL] CWE-94 CVE-2024-49747: In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a lo In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49749 [HIGH] CWE-787 CVE-2024-49749: In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49738 [HIGH] CWE-787 CVE-2024-49738: In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local esc In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34730 [HIGH] CWE-276 CVE-2024-34730: In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43770 [HIGH] CWE-94 CVE-2024-43770: In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing b In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40132 [HIGH] CWE-276 CVE-2023-40132: In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content pr In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-43765 [HIGH] CWE-276 CVE-2024-43765: In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/over In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVE-2024-49737 [HIGH] CWE-276 CVE-2024-49737: In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch a In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.