Google Android vulnerabilities

CVE-2024-32895 [HIGH] CWE-787 CVE-2024-32895: In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds chec In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32917 [HIGH] CWE-787 CVE-2024-32917: In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a mis In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32908 [HIGH] CWE-362 CVE-2024-32908: In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-29784 [HIGH] CWE-190 CVE-2024-29784: In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32891 [HIGH] CWE-362 CVE-2024-32891: In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. Th In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32892 [HIGH] CWE-843 CVE-2024-32892: In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. T In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32918 [MEDIUM] CWE-269 CVE-2024-32918: Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps

CVE-2024-32930 [MEDIUM] CWE-665 CVE-2024-32930: In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitializ In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32926 [MEDIUM] CWE-203 CVE-2024-32926: there is a possible information disclosure due to side channel information disclosure. This could le there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32916 [MEDIUM] CWE-665 CVE-2024-32916: In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-29780 [MEDIUM] CWE-908 CVE-2024-29780: In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitiali In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32897 [MEDIUM] CWE-125 CVE-2024-32897: In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE-2024-32914 [MEDIUM] CWE-125 CVE-2024-32914: In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-29785 [MEDIUM] CWE-908 CVE-2024-29785: In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32923 [MEDIUM] CVE-2024-32923: there is a possible cellular denial of service due to a logic error in the code. This could lead to there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32904 [MEDIUM] CWE-125 CVE-2024-32904: In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

CVE-2024-32912 [MEDIUM] CWE-400 CVE-2024-32912: there is a possible persistent Denial of Service due to test/debugging code left in a production bui there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-32910 [MEDIUM] CWE-908 CVE-2024-32910: In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack dat In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-29778 [MEDIUM] CWE-125 CVE-2024-29778: In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possib In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE-2024-32898 [MEDIUM] CWE-125 CVE-2024-32898: In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bound In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.