Google Android vulnerabilities

CVE-2024-20041 [MEDIUM] CWE-125 CVE-2024-20041: In da, there is a possible out of bounds read due to a missing bounds check. This could lead to loca In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; Issue ID: ALPS08541746.

CVE-2024-20048 [MEDIUM] CWE-248 CVE-2024-20048: In flashc, there is a possible information disclosure due to an uncaught exception. This could lead In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769.

CVE-2024-20052 [MEDIUM] CVE-2024-20052: In flashc, there is a possible information disclosure due to an uncaught exception. This could lead In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.

CVE-2024-20046 [MEDIUM] CWE-190 CVE-2024-20046: In battery, there is a possible escalation of privilege due to an integer overflow. This could lead In battery, there is a possible escalation of privilege due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08485622; Issue ID: ALPS08485622.

CVE-2024-20043 [MEDIUM] CWE-787 CVE-2024-20043: In da, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781.

CVE-2024-20044 [MEDIUM] CWE-787 CVE-2024-20044: In da, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS08541784.

CVE-2024-20047 [MEDIUM] CWE-190 CVE-2024-20047: In battery, there is a possible out of bounds read due to an integer overflow. This could lead to lo In battery, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587865; Issue ID: ALPS08486807.

CVE-2024-20049 [MEDIUM] CWE-248 CVE-2024-20049: In flashc, there is a possible information disclosure due to an uncaught exception. This could lead In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.

CVE-2024-20042 [MEDIUM] CWE-787 CVE-2024-20042: In da, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS08541780.

CVE-2024-20051 [LOW] CVE-2024-20051: In flashc, there is a possible system crash due to an uncaught exception. This could lead to local d In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.

CVE-2024-20045 [LOW] CWE-125 CVE-2024-20045: In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. Thi In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.

CVE-2024-27207 [CRITICAL] CWE-269 CVE-2024-27207: Exported broadcast receivers allowing malicious apps to bypass broadcast protection. Exported broadcast receivers allowing malicious apps to bypass broadcast protection.

CVE-2024-0039 [CRITICAL] CWE-787 CVE-2024-0039: In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27228 [CRITICAL] CWE-787 CVE-2024-27228: there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote cod there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27227 [CRITICAL] CWE-787 CVE-2024-27227: A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues

CVE-2024-25986 [HIGH] CWE-119 CVE-2024-25986: In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27219 [HIGH] CWE-787 CVE-2024-27219: In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27211 [HIGH] CWE-787 CVE-2024-27211: In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. Thi In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27226 [HIGH] CWE-787 CVE-2024-27226: In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-22009 [HIGH] CWE-787 CVE-2024-22009: In init_data of , there is a possible out of bounds write due to a missing bounds check. This could In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.