Multiple vulnerabilities in Google Pixel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 28 |
| CVE-ID | CVE-2023-35661 CVE-2023-22384 CVE-2023-21644 CVE-2023-21636 CVE-2022-40524 CVE-2023-28571 CVE-2023-28539 CVE-2023-21667 CVE-2023-21663 CVE-2023-21655 CVE-2023-21654 CVE-2022-33220 CVE-2023-35663 CVE-2023-35656 CVE-2023-3781 CVE-2023-35652 CVE-2023-35648 CVE-2023-35647 CVE-2023-35660 CVE-2023-35655 CVE-2023-35654 CVE-2023-35645 CVE-2023-35653 CVE-2023-40142 CVE-2023-40141 CVE-2023-35649 CVE-2023-35662 CVE-2023-35646 |
| CWE-ID | CWE-200 CWE-120 CWE-190 CWE-129 CWE-126 CWE-119 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Pixel Mobile applications / Mobile firmware & hardware |
| Vendor |
Security Bulletin
This security bulletin contains information about 28 vulnerabilities.
1) Information exposure
EUVDB-ID: #VU81511
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35661
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU81375
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22384
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in VR Service. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU80381
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21644
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in RIL. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Validation of Array Index
EUVDB-ID: #VU80380
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21636
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Linux. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer over-read
EUVDB-ID: #VU80379
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-40524
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Modem. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer over-read
EUVDB-ID: #VU81380
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28571
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN HOST. A local application can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU81379
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28539
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN Host. A local application can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer over-read
EUVDB-ID: #VU80390
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21667
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Bluetooth HOST. A remote application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU80389
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21663
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Display. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU80388
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21655
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Display. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory corruption
EUVDB-ID: #VU80387
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21654
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer over-read
EUVDB-ID: #VU80386
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33220
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to improper input validation in Automotive multimedia. A local privileged application can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information exposure
EUVDB-ID: #VU81512
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35663
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information exposure
EUVDB-ID: #VU81510
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35656
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU81496
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3781
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the kernel subcomponent in Kernel components. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information exposure
EUVDB-ID: #VU81509
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35652
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Information exposure
EUVDB-ID: #VU81508
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35648
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information exposure
EUVDB-ID: #VU81507
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35647
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU81506
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35660
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU81505
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35655
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Darwinn subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU81504
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35654
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the vl53l1 driver subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper input validation
EUVDB-ID: #VU81503
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35645
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Edgetpu subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information exposure
EUVDB-ID: #VU81502
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35653
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the ImsService subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper input validation
EUVDB-ID: #VU81501
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the oobconfig subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper input validation
EUVDB-ID: #VU81500
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40141
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Kernel subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper input validation
EUVDB-ID: #VU81499
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35649
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Exynos Modem subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU81498
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35662
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Shannon baseband subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper input validation
EUVDB-ID: #VU81497
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35646
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Shannon baseband subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/pixel/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
