Google Android vulnerabilities

CVE-2024-0020 [MEDIUM] CWE-200 CVE-2024-0020: In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40085 [MEDIUM] CWE-125 CVE-2023-40085: In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a miss In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-0030 [MEDIUM] CWE-125 CVE-2024-0030: In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incor In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40122 [LOW] CVE-2023-40122: In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-0037 [LOW] CWE-862 CVE-2024-0037: In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a diff In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40106 [HIGH] CWE-269 CVE-2023-40106: In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity fro In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40111 [HIGH] CWE-441 CVE-2023-40111: In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending inte In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-40114 [HIGH] CWE-416 CVE-2023-40114: In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use aft In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-40107 [HIGH] CWE-416 CVE-2023-40107: In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40109 [HIGH] CWE-266 CVE-2023-40109: In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) d In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-40104 [HIGH] CWE-295 CVE-2023-40104: In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographi In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40100 [HIGH] CWE-416 CVE-2023-40100: In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use af In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40115 [HIGH] CWE-416 CVE-2023-40115: In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40110 [HIGH] CWE-787 CVE-2023-40110: In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-40113 [MEDIUM] CWE-862 CVE-2023-40113: In multiple locations, there is a possible way for apps to access cross-user message data due to a m In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40105 [MEDIUM] CWE-862 CVE-2023-40105: In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40124 [MEDIUM] CWE-125 CVE-2023-40124: In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40112 [MEDIUM] CWE-125 CVE-2023-40112: In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. Th In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-22012 [HIGH] CWE-787 CVE-2024-22012: there is a possible out of bounds write due to a missing bounds check. This could lead to local esca there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-20011 [CRITICAL] CWE-119 CVE-2024-20011: In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This c In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.