Google Android vulnerabilities

CVE-2023-33106 [HIGH] CVE-2023-33106: Display Android Security Bulletin 2023-12-01 CVE: CVE-2023-33106 Severity: HIGH Component: Display References: A-300941008 QC-CR#3612841

CVE-2023-32837 [HIGH] CWE-787 CVE-2023-32837: In video, there is a possible out of bounds write due to a missing bounds check. This could lead to In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.

CVE-2023-32832 [HIGH] CWE-787 CVE-2023-32832: In video, there is a possible memory corruption due to a race condition. This could lead to local es In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.

CVE-2023-32834 [MEDIUM] CWE-843 CVE-2023-32834: In secmem, there is a possible memory corruption due to type confusion. This could lead to local esc In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.

CVE-2023-32818 [MEDIUM] CWE-843 CVE-2023-32818: In vdec, there is a possible out of bounds write due to type confusion. This could lead to local esc In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.

CVE-2023-32825 [MEDIUM] CWE-125 CVE-2023-32825: In bluethooth service, there is a possible out of bounds reads due to improper input validation. Thi In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.

CVE-2023-32835 [MEDIUM] CWE-843 CVE-2023-32835: In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.

CVE-2023-32836 [MEDIUM] CWE-787 CVE-2023-32836: In display, there is a possible out of bounds write due to an integer overflow. This could lead to l In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725.

CVE-2023-32839 [MEDIUM] CWE-787 CVE-2023-32839: In dpe, there is a possible out of bounds write due to a missing valid range checking. This could le In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.

CVE-2023-32838 [MEDIUM] CWE-787 CVE-2023-32838: In dpe, there is a possible out of bounds write due to a missing valid range checking. This could le In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.

CVE-2023-33045 [CRITICAL] CVE-2023-33045: Closed-source component Android Security Bulletin 2023-11-01 CVE: CVE-2023-33045 Severity: CRITICAL Component: Closed-source component References: A-295019170 *

CVE-2023-28574 [CRITICAL] CVE-2023-28574: Closed-source component Android Security Bulletin 2023-11-01 CVE: CVE-2023-28574 Severity: CRITICAL Component: Closed-source component References: A-280342089 *

CVE-2023-21671 [CRITICAL] CVE-2023-21671: Closed-source component Android Security Bulletin 2023-11-01 CVE: CVE-2023-21671 Severity: CRITICAL Component: Closed-source component References: A-280342069 *

CVE-2023-22388 [CRITICAL] CVE-2023-22388: Closed-source component Android Security Bulletin 2023-11-01 CVE: CVE-2023-22388 Severity: CRITICAL Component: Closed-source component References: A-280341977 *

CVE-2023-33056 [HIGH] CVE-2023-33056: Closed-source component Android Security Bulletin 2023-11-01 CVE: CVE-2023-33056 Severity: HIGH Component: Closed-source component References: A-295039159 *

CVE-2023-33061 [HIGH] CVE-2023-33061: Closed-source component Android Security Bulletin 2023-11-01 CVE: CVE-2023-33061 Severity: HIGH Component: Closed-source component References: A-295039730 *

CVE-2023-28469 [MEDIUM] CVE-2023-28469: Mali Android Security Bulletin 2023-11-01 CVE: CVE-2023-28469 Severity: HIGH Component: Mali References: A-274006187 *

CVE-2023-28556 [HIGH] CVE-2023-28556: Closed-source component Android Security Bulletin 2023-11-01 CVE: CVE-2023-28556 Severity: HIGH Component: Closed-source component References: A-280342072 *

CVE-2023-33074 [HIGH] CVE-2023-33074: Audio Android Security Bulletin 2023-11-01 CVE: CVE-2023-33074 Severity: HIGH Component: Audio References: A-295039157 QC-CR#3434828

CVE-2023-24852 [HIGH] CVE-2023-24852: Closed-source component Android Security Bulletin 2023-11-01 CVE: CVE-2023-24852 Severity: HIGH Component: Closed-source component References: A-280342090 *