Google Android vulnerabilities

CVE-2024-39440 [MEDIUM] CWE-476 CVE-2024-39440: In DRM service, there is a possible system crash due to null pointer dereference. This could lead to In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.

CVE-2024-39439 [MEDIUM] CWE-787 CVE-2024-39439: In DRM service, there is a possible out of bounds write due to a missing bounds check. This could le In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

CVE-2024-39437 [MEDIUM] CWE-77 CVE-2024-39437: In linkturbonative service, there is a possible command injection due to improper input validation. In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

CVE-2024-34663 [MEDIUM] CWE-190 CVE-2024-34663: Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.

CVE-2024-34664 [LOW] CWE-754 CVE-2024-34664: Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physica Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.

CVE-2024-20101 [CRITICAL] CWE-787 CVE-2024-20101: In wlan driver, there is a possible out of bounds write due to improper input validation. This could In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.

CVE-2024-20100 [CRITICAL] CWE-787 CVE-2024-20100: In wlan driver, there is a possible out of bounds write due to improper input validation. This could In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.

CVE-2024-20103 [CRITICAL] CWE-787 CVE-2024-20103: In wlan firmware, there is a possible out of bounds write due to improper input validation. This cou In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599.

CVE-2024-20092 [HIGH] CWE-787 CVE-2024-20092: In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to l In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.

CVE-2024-20093 [MEDIUM] CWE-125 CVE-2024-20093: In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to lo In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699.

CVE-2024-20090 [MEDIUM] CWE-787 CVE-2024-20090: In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to l In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703.

CVE-2024-20091 [MEDIUM] CWE-125 CVE-2024-20091: In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to lo In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701.

CVE-2024-20099 [MEDIUM] CWE-787 CVE-2024-20099: In power, there is a possible out of bounds write due to a missing bounds check. This could lead to In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.

CVE-2024-20095 [MEDIUM] CWE-125 CVE-2024-20095: In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to loc In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636.

CVE-2024-20098 [MEDIUM] CWE-787 CVE-2024-20098: In power, there is a possible out of bounds write due to a missing bounds check. This could lead to In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626.

CVE-2024-20096 [MEDIUM] CWE-125 CVE-2024-20096: In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to loc In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635.

CVE-2024-20097 [MEDIUM] CWE-125 CVE-2024-20097: In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to lo In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630.

CVE-2024-20102 [MEDIUM] CWE-125 CVE-2024-20102: In wlan driver, there is a possible out of bounds read due to improper input validation. This could In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601.

CVE-2024-44097 [CRITICAL] CWE-269 CVE-2024-44097: According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malici

CVE-2024-33069 [HIGH] CVE-2024-33069: WLAN Android Security Bulletin 2024-10-01 CVE: CVE-2024-33069 Severity: HIGH Component: WLAN References: A-350500907 QC-CR#3772014