Google Android vulnerabilities

CVE-2023-42678 [MEDIUM] CWE-862 CVE-2023-42678: In imsservice, there is a possible way to write permission usage records of an app due to a missing In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42699 [MEDIUM] CWE-862 CVE-2023-42699: In omacp service, there is a possible way to write permission usage records of an app due to a missi In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42705 [MEDIUM] CWE-862 CVE-2023-42705: In imsservice, there is a possible way to write permission usage records of an app due to a missing In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42725 [MEDIUM] CWE-125 CVE-2023-42725: In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2023-42714 [MEDIUM] CWE-862 CVE-2023-42714: In firewall service, there is a possible way to write permission usage records of an app due to a mi In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-32867 [MEDIUM] CWE-787 CVE-2023-32867: In display drm, there is a possible out of bounds write due to a missing bounds check. This could le In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793.

CVE-2023-42751 [MEDIUM] CWE-787 CVE-2023-42751: In gnss service, there is a possible out of bounds write due to a missing bounds check. This could l In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2023-42708 [MEDIUM] CWE-862 CVE-2023-42708: In firewall service, there is a possible way to write permission usage records of an app due to a mi In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE-2023-42731 [MEDIUM] CWE-125 CVE-2023-42731: In Gnss service, there is a possible out of bounds read due to a missing bounds check. This could le In Gnss service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2022-40507 [HIGH] CVE-2022-40507: Closed-source component Android Security Bulletin 2023-12-01 CVE: CVE-2022-40507 Severity: CRITICAL Component: Closed-source component References: A-261468680 *

CVE-2023-33022 [HIGH] CVE-2023-33022: Closed-source component Android Security Bulletin 2023-12-01 CVE: CVE-2023-33022 Severity: HIGH Component: Closed-source component References: A-285903201 *

CVE-2022-22076 [HIGH] CVE-2022-22076: Closed-source component Android Security Bulletin 2023-12-01 CVE: CVE-2022-22076 Severity: HIGH Component: Closed-source component References: A-261469325 *

CVE-2023-28551 [HIGH] CVE-2023-28551: Closed-source component Android Security Bulletin 2023-12-01 CVE: CVE-2023-28551 Severity: HIGH Component: Closed-source component References: A-280341572 *

CVE-2023-33107 [HIGH] CVE-2023-33107: Display Android Security Bulletin 2023-12-01 CVE: CVE-2023-33107 Severity: HIGH Component: Display References: A-299649795 QC-CR#3611296

CVE-2023-33081 [HIGH] CVE-2023-33081: Closed-source component Android Security Bulletin 2023-12-01 CVE: CVE-2023-33081 Severity: HIGH Component: Closed-source component References: A-299145668 *

CVE-2023-32804 [HIGH] CVE-2023-32804: Mali Android Security Bulletin 2023-12-01 CVE: CVE-2023-32804 Severity: HIGH Component: Mali References: A-272772567 *

CVE-2023-33017 [HIGH] CVE-2023-33017: Closed-source component Android Security Bulletin 2023-12-01 CVE: CVE-2023-33017 Severity: HIGH Component: Closed-source component References: A-285902412 *

CVE-2023-28587 [HIGH] CVE-2023-28587: Closed-source component Android Security Bulletin 2023-12-01 CVE: CVE-2023-28587 Severity: HIGH Component: Closed-source component References: A-285903202 *

CVE-2023-4272 [MEDIUM] CVE-2023-4272: Mali Android Security Bulletin 2023-12-01 CVE: CVE-2023-4272 Severity: HIGH Component: Mali References: A-296910715 *

CVE-2023-33063 [HIGH] CVE-2023-33063: Kernel Android Security Bulletin 2023-12-01 CVE: CVE-2023-33063 Severity: HIGH Component: Kernel References: A-266568298 QC-CR#3447219 [2]