Google Android vulnerabilities

CVE-2024-47032 [HIGH] CWE-120 CVE-2024-47032: In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53840 [HIGH] CWE-276 CVE-2024-53840: there is a possible biometric bypass due to an unusual root cause. This could lead to local escalati there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43769 [HIGH] CWE-276 CVE-2024-43769: In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could pre In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43768 [HIGH] CWE-787 CVE-2024-43768: In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overf In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43077 [HIGH] CWE-787 CVE-2024-43077: In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43097 [HIGH] CWE-787 CVE-2024-43097: In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overfl In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43762 [HIGH] CVE-2024-43762: In multiple locations, there is a possible way to avoid unbinding of a service from the system due t In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-11624 [HIGH] CWE-276 CVE-2024-11624: there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to loca there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43764 [HIGH] CVE-2024-43764: In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53837 [HIGH] CWE-787 CVE-2024-53837: In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53838 [HIGH] CWE-787 CVE-2024-53838: In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of b In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53834 [HIGH] CWE-125 CVE-2024-53834: In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43767 [HIGH] CWE-94 CVE-2024-43767: In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to i In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53835 [HIGH] CWE-276 CVE-2024-53835: there is a possible biometric bypass due to an unusual root cause. This could lead to local escalati there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53841 [HIGH] CWE-276 CVE-2024-53841: In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused depu In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53833 [HIGH] CWE-787 CVE-2024-53833: In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to im In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53836 [MEDIUM] CWE-787 CVE-2024-53836: In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buf In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-53839 [MEDIUM] CWE-125 CVE-2024-53839: In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a miss In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

CVE-2024-20154 [HIGH] CVE-2024-20154: Modem Android Security Bulletin 2025-01-01 CVE: CVE-2024-20154 Severity: CRITICAL Component: Modem References: A-376809176 M-MOLY00720348 *

CVE-2024-21464 [HIGH] CVE-2024-21464: Kernel Android Security Bulletin 2025-01-01 CVE: CVE-2024-21464 Severity: HIGH Component: Kernel References: A-350500921 QC-CR#3445828