Google Android vulnerabilities

CVE-2024-0050 [HIGH] CWE-787 CVE-2024-0050: In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a m In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-0048 [HIGH] CWE-230 CVE-2024-0048: In Session of AccountManagerService.java, there is a possible method to retain foreground service pr In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27205 [HIGH] CWE-416 CVE-2024-27205: there is a possible memory corruption due to a use after free. This could lead to local escalation o there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-25985 [HIGH] CWE-416 CVE-2024-25985: In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27209 [HIGH] CWE-122 CVE-2024-27209: there is a possible out of bounds write due to a heap buffer overflow. This could lead to local esca there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-22008 [HIGH] CWE-269 CVE-2024-22008: In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27236 [HIGH] CWE-843 CVE-2024-27236: In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This co In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27233 [HIGH] CWE-269 CVE-2024-27233: In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-25993 [HIGH] CWE-787 CVE-2024-25993: In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds c In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-25992 [HIGH] CWE-125 CVE-2024-25992: In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. Th In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-0051 [HIGH] CWE-787 CVE-2024-0051: In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer over In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27213 [HIGH] CWE-416 CVE-2024-27213: In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-22005 [HIGH] CWE-787 CVE-2024-22005: there is a possible Authentication Bypass due to improperly used crypto. This could lead to local es there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27212 [HIGH] CWE-787 CVE-2024-27212: In init_data of , there is a possible out of bounds write due to a missing bounds check. This could In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27206 [HIGH] CWE-125 CVE-2024-27206: there is a possible out of bounds read due to a missing bounds check. This could lead to remote info there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27208 [HIGH] CWE-787 CVE-2024-27208: there is a possible out of bounds write due to a missing bounds check. This could lead to local esca there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27210 [HIGH] CWE-269 CVE-2024-27210: In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. Thi In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-0049 [HIGH] CWE-787 CVE-2024-0049: In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This c In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-22011 [HIGH] CWE-125 CVE-2024-22011: In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-25988 [HIGH] CWE-125 CVE-2024-25988: In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.