Google Android vulnerabilities

CVE-2023-42682 [MEDIUM] CWE-787 CVE-2023-42682: In gsp driver, there is a possible out of bounds write due to a missing bounds check. This could lea In gsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2022-48462 [MEDIUM] CWE-787 CVE-2022-48462: In wifi service, there is a possible out of bounds write due to a missing bounds check. This could l In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

CVE-2023-42734 [MEDIUM] CWE-862 CVE-2023-42734: In telephony service, there is a possible missing permission check. This could lead to local informa In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42707 [MEDIUM] CWE-862 CVE-2023-42707: In firewall service, there is a possible way to write permission usage records of an app due to a mi In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42706 [MEDIUM] CWE-862 CVE-2023-42706: In firewall service, there is a possible way to write permission usage records of an app due to a mi In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-32857 [MEDIUM] CWE-125 CVE-2023-32857: In display, there is a possible out of bounds read due to an incorrect status check. This could lead In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710.

CVE-2023-32858 [MEDIUM] CVE-2023-32858: In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07806008; Issue ID: ALPS07806008.

CVE-2023-42703 [MEDIUM] CWE-862 CVE-2023-42703: In firewall service, there is a possible way to write permission usage records of an app due to a mi In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42720 [MEDIUM] CWE-125 CVE-2023-42720: In video service, there is a possible out of bounds read due to a missing bounds check. This could l In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

CVE-2023-32853 [MEDIUM] CWE-787 CVE-2023-32853: In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to l In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764.

CVE-2023-42709 [MEDIUM] CWE-862 CVE-2023-42709: In firewall service, there is a possible way to write permission usage records of an app due to a mi In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42732 [MEDIUM] CWE-862 CVE-2023-42732: In telephony service, there is a possible missing permission check. This could lead to local informa In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42673 [MEDIUM] CWE-862 CVE-2023-42673: In imsservice, there is a possible way to write permission usage records of an app due to a missing In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42712 [MEDIUM] CWE-862 CVE-2023-42712: In firewall service, there is a possible way to write permission usage records of an app due to a mi In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42723 [MEDIUM] CWE-125 CVE-2023-42723: In camera service, there is a possible out of bounds read due to a missing bounds check. This could In camera service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

CVE-2023-42671 [MEDIUM] CWE-862 CVE-2023-42671: In imsservice, there is a possible way to write permission usage records of an app due to a missing In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42683 [MEDIUM] CWE-125 CVE-2023-42683: In gsp driver, there is a possible out of bounds read due to a missing bounds check. This could lead In gsp driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2023-40074 [MEDIUM] CVE-2023-40074: In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of servic In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-42721 [MEDIUM] CVE-2023-42721: In flv extractor, there is a possible missing verification incorrect input. This could lead to local In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed

CVE-2023-40075 [MEDIUM] CVE-2023-40075: In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation.