Google Android vulnerabilities

CVE-2024-34743 [HIGH] CWE-1021 CVE-2024-34743: In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34737 [HIGH] CVE-2024-34737: In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34736 [HIGH] CVE-2024-34736: In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-fr In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34738 [HIGH] CWE-266 CVE-2024-34738: In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read t In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34734 [HIGH] CWE-1188 CVE-2024-34734: In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34742 [MEDIUM] CWE-843 CVE-2024-34742: In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from bei In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-20083 [CRITICAL] CWE-787 CVE-2024-20083: In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to l In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.

CVE-2024-23350 [MEDIUM] CVE-2024-23350: Closed-source component Android Security Bulletin 2024-08-01 CVE: CVE-2024-23350 Severity: CRITICAL Component: Closed-source component References: A-323919259 *

CVE-2024-21478 [MEDIUM] CVE-2024-21478: Display Android Security Bulletin 2024-08-01 CVE: CVE-2024-21478 Severity: HIGH Component: Display References: A-323926460 QC-CR#3594987

CVE-2024-33011 [HIGH] CVE-2024-33011: WLAN Android Security Bulletin 2024-08-01 CVE: CVE-2024-33011 Severity: HIGH Component: WLAN References: A-339043727 QC-CR#3717567

CVE-2024-23353 [HIGH] CVE-2024-23353: Closed-source component Android Security Bulletin 2024-08-01 CVE: CVE-2024-23353 Severity: HIGH Component: Closed-source component References: A-323918845 *

CVE-2024-23382 [HIGH] CVE-2024-23382: Display Android Security Bulletin 2024-08-01 CVE: CVE-2024-23382 Severity: HIGH Component: Display References: A-339043615 QC-CR#3704061 [2]

CVE-2024-33018 [HIGH] CVE-2024-33018: WLAN Android Security Bulletin 2024-08-01 CVE: CVE-2024-33018 Severity: HIGH Component: WLAN References: A-339043500 QC-CR#3704796

CVE-2024-33019 [HIGH] CVE-2024-33019: WLAN Android Security Bulletin 2024-08-01 CVE: CVE-2024-33019 Severity: HIGH Component: WLAN References: A-339043783 QC-CR#3704794

CVE-2024-33023 [HIGH] CVE-2024-33023: Display Android Security Bulletin 2024-08-01 CVE: CVE-2024-33023 Severity: HIGH Component: Display References: A-339043278 QC-CR#3702019 [2]

CVE-2024-23352 [HIGH] CVE-2024-23352: Closed-source component Android Security Bulletin 2024-08-01 CVE: CVE-2024-23352 Severity: HIGH Component: Closed-source component References: A-323918787 *

CVE-2024-23384 [HIGH] CVE-2024-23384: Display Android Security Bulletin 2024-08-01 CVE: CVE-2024-23384 Severity: HIGH Component: Display References: A-339043323 QC-CR#3704870 [2] [3] [4]

CVE-2024-2937 [HIGH] CVE-2024-2937: Mali Android Security Bulletin 2024-08-01 CVE: CVE-2024-2937 Severity: HIGH Component: Mali References: A-339866012 *

CVE-2024-33024 [HIGH] CVE-2024-33024: WLAN Android Security Bulletin 2024-08-01 CVE: CVE-2024-33024 Severity: HIGH Component: WLAN References: A-339043270 QC-CR#3700072

CVE-2024-33027 [HIGH] CVE-2024-33027: Display Android Security Bulletin 2024-08-01 CVE: CVE-2024-33027 Severity: HIGH Component: Display References: A-316373168 QC-CR#3697522