SB2024020616 - Multiple vulnerabilities in Google Android
Published: February 6, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 46 vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2023-43520)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can read and manipulate data.
2) Buffer over-read (CVE-ID: CVE-2023-43536)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
3) Buffer over-read (CVE-ID: CVE-2023-43533)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
4) Reachable Assertion (CVE-ID: CVE-2023-43523)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
5) NULL Pointer Dereference (CVE-ID: CVE-2023-43522)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
6) Buffer overflow (CVE-ID: CVE-2023-43519)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.
7) Untrusted Pointer Dereference (CVE-ID: CVE-2023-43518)
CWE-ID: CWE-822 - Untrusted Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.
8) Configuration (CVE-ID: CVE-2023-33076)
CWE-ID: CWE-16 - Configuration
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Core. A local application can read and manipulate data.
9) Buffer overflow (CVE-ID: CVE-2023-33072)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.
10) Buffer over-read (CVE-ID: CVE-2023-33060)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to crash the entire system.
The vulnerability exists due to improper input validation in Core. A local application can crash the entire system.
11) Buffer over-read (CVE-ID: CVE-2023-33058)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Modem. A remote attacker can read and manipulate data.
12) Improper input validation (CVE-ID: CVE-2023-33057)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Multi-Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.
13) Missing release of memory after effective lifetime (CVE-ID: CVE-2023-33049)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Multi-Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.
14) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2023-33046)
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Trusted Execution Environment. A local application can execute arbitrary code.
15) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2023-43534)
CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can read and manipulate data.
16) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2023-43516)
CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Video. A local application can execute arbitrary code.
17) Use-after-free (CVE-ID: CVE-2023-5091)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the device.
The vulnerability exists due to a use-after-free error in Arm kernel. A local application can execute arbitrary code on the system with elevated privileges.
18) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2023-43513)
CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in PCIe. A local application can execute arbitrary code.
19) Out-of-bounds read (CVE-ID: CVE-2023-49668)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the cp_dump driver in Kernel. A local application can execute arbitrary code.
20) Buffer over-read (CVE-ID: CVE-2023-49667)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the cp dump driver in Kernel. A local application can execute arbitrary code.
21) Improper input validation (CVE-ID: CVE-2024-20003)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an improper input validation within Modem NL1. A local application can perform service disruption.
22) Reachable Assertion (CVE-ID: CVE-2023-32843)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
23) Reachable Assertion (CVE-ID: CVE-2023-32842)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
24) Reachable Assertion (CVE-ID: CVE-2023-32841)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
25) Type confusion (CVE-ID: CVE-2024-20010)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to type confusion within keyInstall. A local privileged application can execute arbitrary code.
26) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20009)
CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect error handling within alac decoder. A local application can execute arbitrary code.
27) Out-of-bounds write (CVE-ID: CVE-2024-20007)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a race condition within mp3 decoder. A local application can execute arbitrary code.
28) Out-of-bounds write (CVE-ID: CVE-2024-20006)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within da. A local privileged application can execute arbitrary code.
29) Out-of-bounds write (CVE-ID: CVE-2024-20011)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within alac decoder. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
30) Out-of-bounds write (CVE-ID: CVE-2023-5643)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Arm kernel driver. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
31) Use-after-free (CVE-ID: CVE-2023-5249)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the device.
32) Information exposure (CVE-ID: CVE-2024-0030)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
33) Information exposure (CVE-ID: CVE-2023-40122)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
34) Improper input validation (CVE-ID: CVE-2024-0041)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
35) Information exposure (CVE-ID: CVE-2024-0037)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
36) Improper input validation (CVE-ID: CVE-2024-0036)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
37) Improper input validation (CVE-ID: CVE-2024-0034)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
38) Improper input validation (CVE-ID: CVE-2024-0032)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
39) Improper input validation (CVE-ID: CVE-2024-0029)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
40) Improper input validation (CVE-ID: CVE-2024-0038)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
41) Improper input validation (CVE-ID: CVE-2024-0033)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
42) Information exposure (CVE-ID: CVE-2024-0040)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
43) Improper input validation (CVE-ID: CVE-2024-0031)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
44) Information exposure (CVE-ID: CVE-2023-40093)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
45) Improper input validation (CVE-ID: CVE-2024-0014)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
46) Improper input validation (CVE-ID: CVE-2024-0035)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://source.android.com/docs/security/bulletin/2024-02-01
- https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d
- https://android.googlesource.com/platform/frameworks/base/+/55fc00a0788ea0995fe0851616b9ac21710a2931
- https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26
- https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e
- https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6
- https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394
- https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7
- https://android.googlesource.com/platform/frameworks/base/+/9b10fd9718f4e6f6843adbfc14e46a93aab93aad
- https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079
- https://android.googlesource.com/platform/frameworks/native/+/aa98edf0ce9dde4886979658a459900ca987f193
- https://android.googlesource.com/platform/system/core/+/46d46dc46446f14f26fbe8fb102dd36c1dfc1229
- https://android.googlesource.com/platform/frameworks/av/+/2ca6c27dc0336fd98f47cfb96dc514efa98e8864
- https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661
- https://android.googlesource.com/platform/external/pdfium/+/03925281cf25fec70318bf2225356d022b12b566
- https://android.googlesource.com/platform/cts/+/a952c93009cc81c41a086d73a4030a83b7683a04
- https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4