SB2024030444 - Multiple vulnerabilities in Google Pixel




Published: March 4, 2024

Security Bulletin ID: SB2024030444
Severity: High
Patch available: YES
Number of vulnerabilities: 54
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 9% Low 91%

Description

This security bulletin contains information about 54 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2024-27224)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Little Kernel subcomponent in Pixel. A local application can execute arbitrary code.


2) Information exposure (CVE-ID: CVE-2024-25991)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM/TMU subcomponent in Pixel. A local application can gain access to sensitive information.


3) Information exposure (CVE-ID: CVE-2024-27218)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


4) Information exposure (CVE-ID: CVE-2024-27234)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


5) Information exposure (CVE-ID: CVE-2024-27235)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


6) Improper input validation (CVE-ID: CVE-2024-27229)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the GsmSs subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.


7) Improper input validation (CVE-ID: CVE-2024-25990)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the CPIF subcomponent in Pixel. A local application can execute arbitrary code.


8) Improper input validation (CVE-ID: CVE-2024-27205)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Bluetooth subcomponent in Pixel. A local application can execute arbitrary code.


9) Improper input validation (CVE-ID: CVE-2024-27207)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Telephony subcomponent in Pixel. A local application can execute arbitrary code.


10) Improper input validation (CVE-ID: CVE-2024-27211)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.


11) Improper input validation (CVE-ID: CVE-2024-27213)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.


12) Improper input validation (CVE-ID: CVE-2024-27222)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the settings subcomponent in Pixel. A local application can execute arbitrary code.


13) Improper input validation (CVE-ID: CVE-2024-27236)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Kernel subcomponent in Pixel. A local application can execute arbitrary code.


14) Information exposure (CVE-ID: CVE-2024-22011)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.


15) Information exposure (CVE-ID: CVE-2024-22010)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


16) Information exposure (CVE-ID: CVE-2024-25984)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the dumpstate subcomponent in Pixel. A local application can gain access to sensitive information.


17) Information exposure (CVE-ID: CVE-2024-25989)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GPU driver subcomponent in Pixel. A local application can gain access to sensitive information.


18) Information exposure (CVE-ID: CVE-2024-27206)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.


19) Information exposure (CVE-ID: CVE-2024-27223)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.


20) Information exposure (CVE-ID: CVE-2024-27225)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Broadcom bthal subcomponent in Pixel. A local application can gain access to sensitive information.


21) Information exposure (CVE-ID: CVE-2024-27230)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.


22) Information exposure (CVE-ID: CVE-2024-27237)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Bootloader subcomponent in Pixel. A local application can gain access to sensitive information.


23) Improper input validation (CVE-ID: CVE-2023-37368)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.


24) Buffer over-read (CVE-ID: CVE-2023-33090)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Audio. A local application can perform a denial of service (DoS) attack.


25) Buffer over-read (CVE-ID: CVE-2023-33078)

The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to improper input validation in DSP Services. A local privileged application can read and manipulate data.


26) Information exposure (CVE-ID: CVE-2024-25988)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Pixel Modem subcomponent in Pixel. A local application can gain access to sensitive information.


27) Information exposure (CVE-ID: CVE-2024-22007)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


28) Improper input validation (CVE-ID: CVE-2024-25987)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the PT subcomponent in Kernel components. A local application can execute arbitrary code.


29) Improper input validation (CVE-ID: CVE-2024-27219)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


30) Improper input validation (CVE-ID: CVE-2023-36481)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the modem subcomponent in Pixel. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.


31) Improper input validation (CVE-ID: CVE-2023-50805)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Baseband subcomponent in Pixel. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.


32) Improper input validation (CVE-ID: CVE-2023-50807)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Baseband subcomponent in Pixel. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.


33) Improper input validation (CVE-ID: CVE-2024-27228)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the MFC subcomponent in Pixel. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.


34) Improper input validation (CVE-ID: CVE-2024-22008)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


35) Improper input validation (CVE-ID: CVE-2024-22009)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


36) Improper input validation (CVE-ID: CVE-2024-25986)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.


37) Improper input validation (CVE-ID: CVE-2024-27204)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


38) Improper input validation (CVE-ID: CVE-2024-27208)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


39) Improper input validation (CVE-ID: CVE-2024-27210)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


40) Improper input validation (CVE-ID: CVE-2024-27212)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


41) Improper input validation (CVE-ID: CVE-2024-27220)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


42) Information exposure (CVE-ID: CVE-2024-22006)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


43) Improper input validation (CVE-ID: CVE-2024-27221)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


44) Improper input validation (CVE-ID: CVE-2024-27226)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


45) Improper input validation (CVE-ID: CVE-2024-27233)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.


46) Improper input validation (CVE-ID: CVE-2024-27227)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.


47) Improper input validation (CVE-ID: CVE-2023-49927)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.


48) Improper input validation (CVE-ID: CVE-2023-50804)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.


49) Improper input validation (CVE-ID: CVE-2023-50806)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.


50) Improper input validation (CVE-ID: CVE-2024-22005)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the WLAN subcomponent in Pixel. A local application can execute arbitrary code.


51) Improper input validation (CVE-ID: CVE-2024-25985)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the gchip subcomponent in Pixel. A local application can execute arbitrary code.


52) Improper input validation (CVE-ID: CVE-2024-25992)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


53) Improper input validation (CVE-ID: CVE-2024-25993)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


54) Improper input validation (CVE-ID: CVE-2024-27209)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.


Remediation

Install the update from the vendor's website.