Google Android vulnerabilities

CVE-2018-9431 [HIGH] CWE-276 CVE-2018-9431: In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input valida In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-20128 [HIGH] CWE-125 CVE-2024-20128: In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2024.

CVE-2018-9413 [HIGH] CWE-787 CVE-2018-9413: In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a miss In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-20116 [MEDIUM] CWE-125 CVE-2024-20116: In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to lo In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438; Issue ID: MSV-1696.

CVE-2024-20135 [MEDIUM] CWE-787 CVE-2024-20135: In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could l In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841.

CVE-2018-9423 [MEDIUM] CWE-125 CVE-2018-9423: In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read du In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-20130 [MEDIUM] CWE-121 CVE-2024-20130: In power, there is a possible out of bounds write due to a missing bounds check. This could lead to In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.

CVE-2024-20139 [MEDIUM] CWE-617 CVE-2024-20139: In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600.

CVE-2024-20136 [MEDIUM] CWE-125 CVE-2024-20136: In da, there is a possible out of bounds read due to a missing bounds check. This could lead to loca In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.

CVE-2018-9429 [MEDIUM] CWE-125 CVE-2018-9429: In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitial In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-20134 [MEDIUM] CWE-787 CVE-2024-20134: In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866.

CVE-2024-20125 [MEDIUM] CWE-787 CVE-2024-20125: In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to l In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.

CVE-2018-9376 [MEDIUM] CWE-787 CVE-2018-9376: In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possib In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9435 [MEDIUM] CWE-125 CVE-2018-9435: In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing boun In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43052 [HIGH] CVE-2024-43052: Closed-source component Android Security Bulletin 2024-12-01 CVE: CVE-2024-43052 Severity: HIGH Component: Closed-source component References: A-364017831 *

CVE-2024-33056 [HIGH] CVE-2024-33056: Closed-source component Android Security Bulletin 2024-12-01 CVE: CVE-2024-33056 Severity: HIGH Component: Closed-source component References: A-344619640 *

CVE-2024-43701 [HIGH] CVE-2024-43701: PowerVR-GPU Android Security Bulletin 2024-12-01 CVE: CVE-2024-43701 Severity: HIGH Component: PowerVR-GPU References: A-363029346 *

CVE-2024-43048 [HIGH] CVE-2024-43048: Closed-source component Android Security Bulletin 2024-12-01 CVE: CVE-2024-43048 Severity: HIGH Component: Closed-source component References: A-364017161 *

CVE-2024-33063 [HIGH] CVE-2024-33063: WLAN Android Security Bulletin 2024-12-01 CVE: CVE-2024-33063 Severity: HIGH Component: WLAN References: A-364017561 QC-CR#3749192

CVE-2024-33044 [HIGH] CVE-2024-33044: Closed-source component Android Security Bulletin 2024-12-01 CVE: CVE-2024-33044 Severity: HIGH Component: Closed-source component References: A-344620789 *