SB2024020611 - Multiple vulnerabilities in Google Pixel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024020611

SB2024020611 - Multiple vulnerabilities in Google Pixel

Published: February 6, 2024

Security Bulletin ID SB2024020611
Severity
Low
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Buffer over-read (CVE-ID: CVE-2023-33064)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Audio. A local application can perform a denial of service (DoS) attack.


2) Buffer over-read (CVE-ID: CVE-2023-33065)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Audio. A local application can read and manipulate data.


3) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2023-33067)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


4) Buffer overflow (CVE-ID: CVE-2023-33068)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


5) Buffer overflow (CVE-ID: CVE-2023-33069)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


6) Buffer overflow (CVE-ID: CVE-2023-33077)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in HLOS. A local privileged application can execute arbitrary code.


7) Security features bypass (CVE-ID: CVE-2024-22012)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an unspecified error in the Bootloader component. A local application can escalate privileges on the device.


Remediation

Install update from vendor's website.

References