Google Android vulnerabilities

CVE-2024-43047 [HIGH] CVE-2024-43047: Kernel Android Security Bulletin 2024-11-01 CVE: CVE-2024-43047 Severity: HIGH Component: Kernel References: A-364017103 QC-CR#3883647

CVE-2024-38403 [HIGH] CVE-2024-38403: Closed-source component Android Security Bulletin 2024-11-01 CVE: CVE-2024-38403 Severity: HIGH Component: Closed-source component References: A-357615948 *

CVE-2024-23385 [HIGH] CVE-2024-23385: Closed-source component Android Security Bulletin 2024-11-01 CVE: CVE-2024-23385 Severity: HIGH Component: Closed-source component References: A-339043003 *

CVE-2024-38402 [HIGH] CVE-2024-38402: Kernel Android Security Bulletin 2024-11-01 CVE: CVE-2024-38402 Severity: HIGH Component: Kernel References: A-364017423 QC-CR#3890158

CVE-2024-36978 [HIGH] CVE-2024-36978: Net Android Security Bulletin 2024-11-01 CVE: CVE-2024-36978 Severity: HIGH Type: EoP Component: Net References: A-349777785 Upstream kernel [2]

CVE-2024-46740 [HIGH] CVE-2024-46740: Binder Android Security Bulletin 2024-11-01 CVE: CVE-2024-46740 Severity: HIGH Type: EoP Component: Binder References: A-352520660 Upstream kernel [2] [3] [4] [5] [6] [7] [8]

CVE-2024-21455 [HIGH] CVE-2024-21455: Kernel Android Security Bulletin 2024-11-01 CVE: CVE-2024-21455 Severity: HIGH Component: Kernel References: A-357616450 QC-CR#3839449 [2] QC-CR#3875202 [2]

CVE-2024-38424 [HIGH] CVE-2024-38424: Closed-source component Android Security Bulletin 2024-11-01 CVE: CVE-2024-38424 Severity: HIGH Component: Closed-source component References: A-357616230 *

CVE-2024-38421 [HIGH] CVE-2024-38421: Display Android Security Bulletin 2024-11-01 CVE: CVE-2024-38421 Severity: HIGH Component: Display References: A-357616018 QC-CR#3793941

CVE-2024-38415 [HIGH] CVE-2024-38415: Camera Android Security Bulletin 2024-11-01 CVE: CVE-2024-38415 Severity: HIGH Component: Camera References: A-357616194 QC-CR#3775520 [2]

CVE-2024-47027 [HIGH] CWE-22 CVE-2024-47027: In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory a In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47024 [HIGH] CWE-190 CVE-2024-47024: In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds wr In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47014 [HIGH] CWE-276 CVE-2024-47014: Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.

CVE-2024-47012 [HIGH] CWE-787 CVE-2024-47012: In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due t In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47022 [HIGH] CVE-2024-47022: Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM componen Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.

CVE-2024-47041 [HIGH] CWE-125 CVE-2024-47041: In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds che In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47016 [HIGH] CWE-276 CVE-2024-47016: there is a possible privilege escalation due to an insecure default value. This could lead to local there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-44100 [HIGH] CWE-276 CVE-2024-44100: Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem compone Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.

CVE-2024-47023 [HIGH] CVE-2024-47023: there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to re there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47021 [HIGH] CWE-125 CVE-2024-47021: In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a mis In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.