Google Android vulnerabilities

CVE-2024-33034 [HIGH] CVE-2024-33034: Display Android Security Bulletin 2024-09-01 CVE: CVE-2024-33034 Severity: HIGH Component: Display References: A-350500940 QC-CR#3744850

CVE-2024-33043 [MEDIUM] CVE-2024-33043: WLAN Android Security Bulletin 2024-09-01 CVE: CVE-2024-33043 Severity: HIGH Component: WLAN References: A-344620433 QC-CR#3774849

CVE-2024-23359 [HIGH] CVE-2024-23359: Closed-source component Android Security Bulletin 2024-09-01 CVE: CVE-2024-23359 Severity: HIGH Component: Closed-source component References: A-328083933 *

CVE-2024-33060 [HIGH] CVE-2024-33060: Kernel Android Security Bulletin 2024-09-01 CVE: CVE-2024-33060 Severity: HIGH Component: Kernel References: A-350500584 QC-CR#3735984 [2]

CVE-2024-3655 [HIGH] CVE-2024-3655: Mali Android Security Bulletin 2024-09-01 CVE: CVE-2024-3655 Severity: HIGH Component: Mali References: A-346629290 *

CVE-2024-33045 [HIGH] CVE-2024-33045: Bootloader Android Security Bulletin 2024-09-01 CVE: CVE-2024-33045 Severity: HIGH Component: Bootloader References: A-344620353 QC-CR#3745620

CVE-2024-23362 [HIGH] CVE-2024-23362: Closed-source component Android Security Bulletin 2024-09-01 CVE: CVE-2024-23362 Severity: HIGH Component: Closed-source component References: A-328084308 *

CVE-2024-33051 [HIGH] CVE-2024-33051: Closed-source component Android Security Bulletin 2024-09-01 CVE: CVE-2024-33051 Severity: HIGH Component: Closed-source component References: A-344620373 *

CVE-2024-33054 [HIGH] CVE-2024-33054: Camera Android Security Bulletin 2024-09-01 CVE: CVE-2024-33054 Severity: HIGH Component: Camera References: A-344620733 QC-CR#3667735

CVE-2024-33048 [HIGH] CVE-2024-33048: WLAN Android Security Bulletin 2024-09-01 CVE: CVE-2024-33048 Severity: HIGH Component: WLAN References: A-344620292 QC-CR#3704739 QC-CR#3707241

CVE-2024-33016 [MEDIUM] CVE-2024-33016: Closed-source component Android Security Bulletin 2024-09-01 CVE: CVE-2024-33016 Severity: HIGH Component: Closed-source component References: A-339043498 *

CVE-2024-33038 [HIGH] CVE-2024-33038: Camera Android Security Bulletin 2024-09-01 CVE: CVE-2024-33038 Severity: HIGH Component: Camera References: A-344620773 QC-CR#3696086

CVE-2024-23365 [HIGH] CVE-2024-23365: Closed-source component Android Security Bulletin 2024-09-01 CVE: CVE-2024-23365 Severity: HIGH Component: Closed-source component References: A-328083987 *

CVE-2024-32927 [HIGH] CWE-416 CVE-2024-32927: In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-31333 [HIGH] CWE-190 CVE-2024-31333: In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer o In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34731 [HIGH] CWE-362 CVE-2024-34731: In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34740 [HIGH] CWE-190 CVE-2024-34740: In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbit In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34727 [HIGH] CWE-120 CVE-2024-34727: In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34741 [HIGH] CWE-269 CVE-2024-34741: In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for messa In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interact

CVE-2024-34739 [HIGH] CWE-116 CVE-2024-34739: In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escap In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.