Multiple vulnerabilities in Google Pixel

1) Information exposure

EUVDB-ID: #VU91825

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32897

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU91815

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-50803

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU91816

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32902

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU91817

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32923

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU91818

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29784

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU91819

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29787

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU91820

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32900

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU91821

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32903

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU91822

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32919

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU91823

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32921

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information exposure

EUVDB-ID: #VU91824

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29778

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information exposure

EUVDB-ID: #VU91826

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32898

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information exposure

EUVDB-ID: #VU91813

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32920

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information exposure

EUVDB-ID: #VU91827

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32904

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Information exposure

EUVDB-ID: #VU91828

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32915

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information exposure

EUVDB-ID: #VU91829

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32926

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Fingerprint Sensor subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU91830

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32912

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Telephony subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU91831

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32924

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer over-read

EUVDB-ID: #VU91032

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43537

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to read memory contents or crash the system.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can read memory contents or crash the system.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use After Free

EUVDB-ID: #VU91033

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43543

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use After Free

EUVDB-ID: #VU91034

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43544

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Integer overflow

EUVDB-ID: #VU91035

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43545

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN HOST. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer over-read

EUVDB-ID: #VU91030

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43555

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information exposure

EUVDB-ID: #VU91814

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32930

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Information exposure

EUVDB-ID: #VU91812

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32918

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU91799

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-32896

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pixel Firmwire subcomponent in Pixel. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

27) Improper input validation

EUVDB-ID: #VU91797

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32925

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the wlan subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU91787

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32891

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU91788

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32892

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Goodix subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU91789

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32899

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Mali subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU91790

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32906

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the avcp subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU91791

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32908

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU91792

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32909

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the confirmationui subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU91793

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32922

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Mali subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU91794

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29786

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the CPIF subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU91795

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32905

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the cpif subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU91796

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32913

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the WLAN subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU91798

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32895

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the WLAN subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Information exposure

EUVDB-ID: #VU91811

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32916

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU91800

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32901

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the v4l2 subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU91801

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32907

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty / TEE subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU91802

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32911

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU91803

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32917

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty OS subcomponent in Pixel. A local application can execute arbitrary code.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Information exposure

EUVDB-ID: #VU91804

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29780

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the hwbcc TA subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Information exposure

EUVDB-ID: #VU91805

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29781

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GsmSs subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Information exposure

EUVDB-ID: #VU91806

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29785

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Information exposure

EUVDB-ID: #VU91807

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32893

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Information exposure

EUVDB-ID: #VU91808

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32894

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Information exposure

EUVDB-ID: #VU91809

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32910

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the spi TA subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Information exposure

EUVDB-ID: #VU91810

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32914

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Install update from vendor's website.

Pixel: before 2024-06-05

http://source.android.com/docs/security/bulletin/pixel/2024-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.