Google Android vulnerabilities

CVE-2024-0153 [HIGH] CVE-2024-0153: Mali Android Security Bulletin 2024-07-01 CVE: CVE-2024-0153 Severity: HIGH Component: Mali References: A-302570828 *

CVE-2024-23380 [HIGH] CVE-2024-23380: Display Android Security Bulletin 2024-07-01 CVE: CVE-2024-23380 Severity: HIGH Component: Display References: A-332315362 QC-CR#3690718 [2]

CVE-2024-23368 [HIGH] CVE-2024-23368: Kernel Android Security Bulletin 2024-07-01 CVE: CVE-2024-23368 Severity: HIGH Component: Kernel References: A-332315224 QC-CR#3522299

CVE-2024-21465 [HIGH] CVE-2024-21465: Closed-source component Android Security Bulletin 2024-07-01 CVE: CVE-2024-21465 Severity: HIGH Component: Closed-source component References: A-318393702 *

CVE-2024-21469 [HIGH] CVE-2024-21469: Closed-source component Android Security Bulletin 2024-07-01 CVE: CVE-2024-21469 Severity: HIGH Component: Closed-source component References: A-318393825 *

CVE-2024-23372 [HIGH] CVE-2024-23372: Display Android Security Bulletin 2024-07-01 CVE: CVE-2024-23372 Severity: HIGH Component: Display References: A-332315102 QC-CR#3692589 [2]

CVE-2024-20076 [HIGH] CVE-2024-20076: Modem Android Security Bulletin 2024-07-01 CVE: CVE-2024-20076 Severity: HIGH Component: Modem References: A-338887100 MOLY01297806 *

CVE-2024-21462 [HIGH] CVE-2024-21462: Closed-source component Android Security Bulletin 2024-07-01 CVE: CVE-2024-21462 Severity: HIGH Component: Closed-source component References: A-318394116 *

CVE-2024-21460 [HIGH] CVE-2024-21460: Closed-source component Android Security Bulletin 2024-07-01 CVE: CVE-2024-21460 Severity: HIGH Component: Closed-source component References: A-318393435 *

CVE-2024-20077 [HIGH] CVE-2024-20077: Modem Android Security Bulletin 2024-07-01 CVE: CVE-2024-20077 Severity: HIGH Component: Modem References: A-338887097 MOLY01297807 *

CVE-2024-23373 [HIGH] CVE-2024-23373: Display Android Security Bulletin 2024-07-01 CVE: CVE-2024-23373 Severity: HIGH Component: Display References: A-332315050 QC-CR#3692564 [2]

CVE-2024-20079 [MEDIUM] CWE-787 CVE-2024-20079: In gnss service, there is a possible out of bounds write due to improper input validation. This coul In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491.

CVE-2024-39427 [MEDIUM] CWE-787 CVE-2024-39427: In trusty service, there is a possible out of bounds write due to a missing bounds check. This could In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2024-39429 [MEDIUM] CWE-787 CVE-2024-39429: In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

CVE-2024-39428 [MEDIUM] CWE-787 CVE-2024-39428: In trusty service, there is a possible out of bounds write due to a missing bounds check. This could In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2024-39430 [MEDIUM] CWE-787 CVE-2024-39430: In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

CVE-2024-20081 [MEDIUM] CWE-787 CVE-2024-20081: In gnss service, there is a possible out of bounds write due to improper input validation. This coul In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.

CVE-2024-32911 [CRITICAL] CWE-327 CVE-2024-32911: There is a possible escalation of privilege due to improperly used crypto. This could lead to remote There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-29786 [CRITICAL] CWE-787 CVE-2024-29786: In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write d In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32905 [CRITICAL] CWE-787 CVE-2024-32905: In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incor In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.