Google Android vulnerabilities

CVE-2024-20015 [HIGH] CWE-305 CVE-2024-20015: In telephony, there is a possible escalation of privilege due to a permissions bypass. This could le In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.

CVE-2024-20009 [HIGH] CWE-787 CVE-2024-20009: In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This co In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.

CVE-2024-20007 [HIGH] CWE-362 CVE-2024-20007: In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.

CVE-2024-20006 [MEDIUM] CWE-787 CVE-2024-20006: In da, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.

CVE-2024-20013 [MEDIUM] CWE-787 CVE-2024-20013: In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lea In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.

CVE-2024-20002 [MEDIUM] CWE-787 CVE-2024-20002: In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.

CVE-2024-20010 [MEDIUM] CWE-843 CVE-2024-20010: In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.

CVE-2024-20012 [MEDIUM] CWE-843 CVE-2024-20012: In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.

CVE-2024-20016 [MEDIUM] CWE-190 CVE-2024-20016: In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.

CVE-2024-20001 [MEDIUM] CWE-787 CVE-2024-20001: In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.

CVE-2023-33057 [HIGH] CVE-2023-33057: Closed-source component Android Security Bulletin 2024-02-01 CVE: CVE-2023-33057 Severity: HIGH Component: Closed-source component References: A-295039728 *

CVE-2023-33076 [MEDIUM] CVE-2023-33076: Closed-source component Android Security Bulletin 2024-02-01 CVE: CVE-2023-33076 Severity: HIGH Component: Closed-source component References: A-295039588 *

CVE-2023-43523 [HIGH] CVE-2023-43523: Closed-source component Android Security Bulletin 2024-02-01 CVE: CVE-2023-43523 Severity: HIGH Component: Closed-source component References: A-309460866 *

CVE-2023-33046 [HIGH] CVE-2023-33046: Closed-source component Android Security Bulletin 2024-02-01 CVE: CVE-2023-33046 Severity: HIGH Component: Closed-source component References: A-295038516 *

CVE-2023-43513 [HIGH] CVE-2023-43513: Kernel Android Security Bulletin 2024-02-01 CVE: CVE-2023-43513 Severity: HIGH Component: Kernel References: A-303101658 QC-CR#3545432 [2]

CVE-2023-43533 [HIGH] CVE-2023-43533: Closed-source component Android Security Bulletin 2024-02-01 CVE: CVE-2023-43533 Severity: HIGH Component: Closed-source component References: A-309461430 *

CVE-2024-20003 [HIGH] CVE-2024-20003: 5G Modem Android Security Bulletin 2024-02-01 CVE: CVE-2024-20003 Severity: HIGH Component: 5G Modem References: A-317829112 M-MOLY01191612 *

CVE-2023-32843 [HIGH] CVE-2023-32843: 5G Modem Android Security Bulletin 2024-02-01 CVE: CVE-2023-32843 Severity: HIGH Component: 5G Modem References: A-317829110 M-MOLY01130204 *

CVE-2023-43516 [HIGH] CVE-2023-43516: Video Android Security Bulletin 2024-02-01 CVE: CVE-2023-43516 Severity: HIGH Component: Video References: A-309461150 QC-CR#3536092

CVE-2023-43519 [HIGH] CVE-2023-43519: Closed-source component Android Security Bulletin 2024-02-01 CVE: CVE-2023-43519 Severity: HIGH Component: Closed-source component References: A-309461083 *