Multiple vulnerabilities in Google Android



Updated: 2024-10-09

Risk: Critical

Patch available: YES

Number of vulnerabilities: 46

CVE-ID: CVE-2024-33019, CVE-2024-23357, CVE-2024-23356, CVE-2024-23355, CVE-2024-23353, CVE-2024-23352, CVE-2024-21481, CVE-2024-23350, CVE-2024-33028, CVE-2024-33027, CVE-2024-33026, CVE-2024-33025, CVE-2024-33024, CVE-2024-33023, CVE-2024-33020, CVE-2024-33018, CVE-2024-36971, CVE-2024-23382, CVE-2024-2937, CVE-2024-4607, CVE-2024-31333, CVE-2024-20082, CVE-2024-21478, CVE-2024-23381, CVE-2024-23383, CVE-2024-33015, CVE-2024-23384, CVE-2024-33010, CVE-2024-33011, CVE-2024-33012, CVE-2024-33013, CVE-2024-33014, CVE-2024-34741, CVE-2024-34739, CVE-2024-34737, CVE-2024-34735, CVE-2024-34734, CVE-2024-34731, CVE-2024-34742, CVE-2024-34738, CVE-2024-34727, CVE-2024-34736, CVE-2024-34743, CVE-2024-34740, CVE-2023-20971, CVE-2023-21351

CWE-ID: CWE-126, CWE-476, CWE-119, CWE-835, CWE-617, CWE-416, CWE-284, CWE-190, CWE-20, CWE-704, CWE-200, CWE-264

Exploitation vector: Network

Public exploit: Vulnerability #17 is being exploited in the wild. Public exploit code for vulnerability #33 is available. Public exploit code for vulnerability #34 is available.

Vulnerable software: Google Android (Operating systems & Components / Operating system)

Vendor: Google

Security Bulletin

This security bulletin contains information about 46 vulnerabilities.

1) Buffer over-read

EUVDB-ID: #VU95362

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33019

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL Pointer Dereference

EUVDB-ID: #VU95349

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23357

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in HLOS. A local application can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU95348

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23356

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU95347

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23355

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Automotive. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer over-read

EUVDB-ID: #VU95346

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23353

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Loop with Unreachable Exit Condition ('Infinite Loop')

EUVDB-ID: #VU95345

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23352

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU95344

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21481

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Hypervisor. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Reachable Assertion

EUVDB-ID: #VU95343

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23350

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use After Free

EUVDB-ID: #VU95371

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33028

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Automotive Telematics. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Access Control

EUVDB-ID: #VU95370

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33027

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer over-read

EUVDB-ID: #VU95369

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33026

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer over-read

EUVDB-ID: #VU95368

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33025

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Integer overflow

EUVDB-ID: #VU95367

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33024

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use After Free

EUVDB-ID: #VU95366

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33023

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer over-read

EUVDB-ID: #VU95363

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33020

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer over-read

EUVDB-ID: #VU95361

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33018

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

18) Use After Free

EUVDB-ID: #VU95352

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23382

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU95390

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-2937

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local user can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU95391

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-4607

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local user can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU95389

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31333

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Memory corruption

EUVDB-ID: #VU95375

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20082

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Modem. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Type conversion

EUVDB-ID: #VU91031

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21478

CWE-ID: CWE-704 - Type conversion

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Graphics. A local application can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use After Free

EUVDB-ID: #VU95351

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23381

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use After Free

EUVDB-ID: #VU95353

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23383

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer over-read

EUVDB-ID: #VU95360

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33015

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use After Free

EUVDB-ID: #VU95354

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23384

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use After Free

EUVDB-ID: #VU95355

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33010

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer over-read

EUVDB-ID: #VU95356

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33011

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer over-read

EUVDB-ID: #VU95357

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33012

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer over-read

EUVDB-ID: #VU95358

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33013

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer over-read

EUVDB-ID: #VU95359

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33014

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-05, 12 2024-08-05, 13 2024-08-05, 14 2024-08-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU95384

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-34741

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/abfaf702ef833dc4d374492d45c615c6e6de7f01
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

34) Improper input validation

EUVDB-ID: #VU95382

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-34739

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/50e1f8f36e32928d10e72324c05a203a6db9f7fb
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

35) Improper input validation

EUVDB-ID: #VU95380

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34737

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/8b473b3f79642f42eeeffbfe572df6c6cbe9d79e
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU95379

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34735

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/26522c0e82fd3a9bcbd01409217291d97dcdabcf
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU95378

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34734

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/207584fb6f820eba14251251d7e9331bfd57adb8
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU95377

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34731

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/hardware/interfaces/+/0ff19d1f89614fce9454fb415bcbfcbcf3caf76e
http://android.googlesource.com/platform/frameworks/av/+/4b68b00993849b6a7f0e6d075bc2c8bb2e184e61
http://android.googlesource.com/platform/hardware/interfaces/+/d63d09261806f7f1aa01406867f2a9e169356fca
http://android.googlesource.com/platform/system/security/+/d3805312d73433e34ef69a645b553a2969c5dc93
http://android.googlesource.com/platform/system/nfc/+/1037992b9abcde1e3560bd895f62644a68563b3d
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU95387

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34742

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/688e5c3012eb0a4ea88361588cf5026c10e4a42c
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU95381

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34738

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/21d764807b3dcd402d63e2b4c9fbae1c9965400a
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Information exposure

EUVDB-ID: #VU95388

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34727

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/packages/modules/Bluetooth/+/6afad4b377b5bc3f38b28296e746b674173f99d8
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Information exposure

EUVDB-ID: #VU95386

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34736

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/av/+/6cfd048292b2cc706811a22c9078208cfa8e6d24
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU95385

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34743

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/native/+/3f85323b27d95a57bfa87cbf68dd4a143f9f88ad
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU95383

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34740

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/libs/modules-utils/+/700c28908051ceb55e1456d2d21229bc17c6895a
http://android.googlesource.com/platform/frameworks/base/+/e8b6505647be558ed3a167a1e13c53dfc227d22b
http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU73279

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20971

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an unspecified error in Android Framework. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: before 12L 2024-08-01, 12 2024-08-01, 13 2024-08-01, 14 2024-08-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU81520

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21351

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2024-08-01, 12L 2024-08-01, 13 2024-08-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2024-08-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


