Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2

Vulnerabilities

CVE-2023-28548 | HIGH | CVSS 7.8 | 2024-01-01
[HIGH] Android Security Bulletin 2024-01-01. Severity: HIGH. Component: Closed-source component. References: A-280342264 *
android
CVE-2023-33114 | HIGH | CVSS 8.4 | 2024-01-01
[HIGH] Android Security Bulletin 2024-01-01. Severity: HIGH. Component: Kernel. References: A-303101495 QC-CR#3520999 [2]
android
CVE-2023-33032 | HIGH | CVSS 9.3 | 2024-01-01
[CRITICAL] Android Security Bulletin 2024-01-01. Severity: HIGH. Component: Closed-source component. References: A-290061658 *
android
CVE-2023-33040 | HIGH | CVSS 7.5 | 2024-01-01
[HIGH] Android Security Bulletin 2024-01-01. Severity: HIGH. Component: Closed-source component. References: A-290061061 *
android
CVE-2023-28544 | HIGH | CVSS 7.8 | 2024-01-01
[HIGH] Android Security Bulletin 2024-01-01. Severity: HIGH. Component: Closed-source component. References: A-280342360 *
android
CVE-2023-28560 | HIGH | CVSS 7.8 | 2024-01-01
[HIGH] Android Security Bulletin 2024-01-01. Severity: HIGH. Component: Closed-source component. References: A-280342458 *
android
CVE-2022-33275 | HIGH | CVSS 8.4 | 2024-01-01
[HIGH] Android Security Bulletin 2024-01-01. Severity: HIGH. Component: Closed-source component. References: A-280342403 *
android
CVE-2023-48417 | CRITICAL | CVSS 9.8 | Android SoC | 2023-12-11
[CRITICAL] CWE-862: Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application
nvd
CVE-2023-48425 | CRITICAL | CVSS 9.8 | Android SoC | 2023-12-11
[CRITICAL] CWE-20: U-Boot vulnerability resulting in persistent Code Execution
nvd, android
CVE-2023-48424 | CRITICAL | CVSS 9.8 | Android SoC | 2023-12-11
[CRITICAL] U-Boot shell vulnerability resulting in Privilege escalation in a production device
nvd, android
CVE-2023-6181 | CRITICAL | CVSS 9.8 | Android SoC | 2023-12-11
[CRITICAL] An oversight in BCB handling of reboot reason that allows for persistent code execution
nvd
CVE-2023-48423 | CRITICAL | CVSS 9.8 | Android kernel | 2023-12-08
[CRITICAL] CWE-787: In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-48402 | HIGH | CVSS 7.8 | Android kernel | 2023-12-08
[HIGH] CWE-862: In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-48407 | HIGH | CVSS 7.8 | Android kernel | 2023-12-08
[HIGH] there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-48421 | HIGH | CVSS 7.8 | Android kernel | 2023-12-08
[HIGH] CWE-787: In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-48398 | HIGH | CVSS 7.5 | Android kernel | 2023-12-08
[HIGH] CWE-125: In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
nvd
CVE-2023-48409 | HIGH | CVSS 7.8 | Android kernel | 2023-12-08
[HIGH] CWE-190: In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-48404 | HIGH | CVSS 7.5 | Android kernel | 2023-12-08
[HIGH] CWE-125: In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-48403 | HIGH | CVSS 7.5 | Android kernel | 2023-12-08
[HIGH] CWE-787: In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-48410 | HIGH | CVSS 7.5 | Android kernel | 2023-12-08
[HIGH] CWE-125: In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd