Google Android vulnerabilities

CVE-2024-27229 [HIGH] CWE-476 CVE-2024-27229: In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref d In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27220 [HIGH] CWE-125 CVE-2024-27220: In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds chec In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27221 [HIGH] CWE-787 CVE-2024-27221: In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. Th In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-23717 [HIGH] CWE-20 CVE-2024-23717: In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-0046 [HIGH] CWE-269 CVE-2024-0046: In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restrictio In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27222 [HIGH] CWE-269 CVE-2024-27222: In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27224 [HIGH] CWE-269 CVE-2024-27224: In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27204 [HIGH] CWE-787 CVE-2024-27204: In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds chec In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-22007 [MEDIUM] CWE-125 CVE-2024-22007: In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27234 [MEDIUM] CWE-125 CVE-2024-27234: In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. Th In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-0044 [MEDIUM] CWE-74 CVE-2024-0044: In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27225 [MEDIUM] CWE-120 CVE-2024-27225: In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer o In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-25984 [MEDIUM] CWE-120 CVE-2024-25984: In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-22006 [MEDIUM] CWE-125 CVE-2024-22006: OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of th OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device.

CVE-2024-25987 [MEDIUM] CWE-269 CVE-2024-25987: In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds che In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-22010 [MEDIUM] CWE-125 CVE-2024-22010: In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-0047 [MEDIUM] CWE-502 CVE-2024-0047: In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27230 [MEDIUM] CWE-125 CVE-2024-27230: In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE-2024-0045 [MEDIUM] CWE-125 CVE-2024-0045: In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input vali In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-27235 [MEDIUM] CWE-125 CVE-2024-27235: In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. Thi In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.