Google Android vulnerabilities

CVE-2024-47013 [HIGH] CWE-276 CVE-2024-47013: In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninit In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47020 [HIGH] CVE-2024-47020: Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.

CVE-2024-44098 [HIGH] CWE-415 CVE-2024-44098: In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation d In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47035 [HIGH] CWE-787 CVE-2024-47035: In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds wr In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-44101 [HIGH] CWE-476 CVE-2024-44101: there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This co there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47017 [HIGH] CWE-416 CVE-2024-47017: In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after fre In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47033 [HIGH] CWE-416 CVE-2024-47033: In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47031 [HIGH] CVE-2024-47031: Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861.

CVE-2024-47019 [MEDIUM] CWE-125 CVE-2024-47019: In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bound In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

CVE-2024-47028 [MEDIUM] CWE-190 CVE-2024-47028: In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47029 [MEDIUM] CWE-125 CVE-2024-47029: In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, th In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47025 [MEDIUM] CWE-863 CVE-2024-47025: In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47018 [MEDIUM] CWE-125 CVE-2024-47018: In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a b In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47030 [MEDIUM] CVE-2024-47030: Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM componen Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818.

CVE-2024-47034 [MEDIUM] CWE-125 CVE-2024-47034: there is a possible out of bounds read due to a missing bounds check. This could lead to local infor there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47015 [MEDIUM] CWE-125 CVE-2024-47015: In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out- In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

CVE-2024-47026 [MEDIUM] CWE-125 CVE-2024-47026: In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds ch In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-44099 [MEDIUM] CWE-863 CVE-2024-44099: There is a possible Local bypass of user interaction due to an insecure default value. This could le There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-39436 [MEDIUM] CWE-77 CVE-2024-39436: In linkturbonative service, there is a possible command injection due to improper input validation. In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

CVE-2024-39438 [MEDIUM] CWE-77 CVE-2024-39438: In linkturbonative service, there is a possible command injection due to improper input validation. In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.