Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 35 |
| CVE-ID | CVE-2024-33050 CVE-2024-33051 CVE-2024-33016 CVE-2024-23365 CVE-2024-23364 CVE-2024-23362 CVE-2024-23359 CVE-2024-23358 CVE-2024-33060 CVE-2024-33057 CVE-2024-33054 CVE-2024-33048 CVE-2024-36972 CVE-2024-33045 CVE-2024-33043 CVE-2024-33038 CVE-2024-33035 CVE-2024-33034 CVE-2024-33052 CVE-2024-33042 CVE-2024-39432 CVE-2024-39431 CVE-2024-31336 CVE-2024-23716 CVE-2024-3655 CVE-2024-40656 CVE-2024-40658 CVE-2024-40652 CVE-2024-40659 CVE-2024-40654 CVE-2024-40655 CVE-2024-40657 CVE-2024-40662 CVE-2024-40650 CVE-2024-32896 |
| CWE-ID | CWE-126 CWE-119 CWE-416 CWE-20 CWE-120 CWE-125 CWE-562 CWE-822 CWE-190 CWE-121 CWE-200 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #35 is being exploited in the wild. |
| Vulnerable software |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 35 vulnerabilities.
1) Buffer over-read
EUVDB-ID: #VU96694
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33050
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer over-read
EUVDB-ID: #VU96686
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33051
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to no check for IE length in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU96684
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33016
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Storage. A local attacker can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use After Free
EUVDB-ID: #VU96683
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23365
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in SCE-Mink. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer over-read
EUVDB-ID: #VU96682
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-23364
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU96681
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23362
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Trusted Execution Environment. A local application can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer over-read
EUVDB-ID: #VU96680
Risk: High
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-23359
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer over-read
EUVDB-ID: #VU96679
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-23358
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use After Free
EUVDB-ID: #VU96697
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33060
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer over-read
EUVDB-ID: #VU96696
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33057
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU96695
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33054
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Computer Vision. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer over-read
EUVDB-ID: #VU96693
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33048
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU91664
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36972
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the queue_oob(), unix_stream_recv_urg() and manage_oob() functions in net/unix/af_unix.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Return of Stack Variable Address
EUVDB-ID: #VU96692
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33045
CWE-ID:
CWE-562 - Return of Stack Variable Address
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Buses. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer over-read
EUVDB-ID: #VU96691
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33043
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in FM Host. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Untrusted Pointer Dereference
EUVDB-ID: #VU96690
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33038
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Computer Vision. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Integer overflow
EUVDB-ID: #VU96689
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33035
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Display. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use After Free
EUVDB-ID: #VU95372
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33034
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Buffer overflow
EUVDB-ID: #VU96688
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33052
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in FM Host. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU96687
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33042
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in FM Host. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Stack-based buffer overflow
EUVDB-ID: #VU96753
Risk: High
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-39432
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the UMTS RLC driver in Modem. A remote attacker can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Stack-based buffer overflow
EUVDB-ID: #VU96754
Risk: High
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-39431
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the UMTS RLC driver in Modem. A remote attacker can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Buffer overflow
EUVDB-ID: #VU96766
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-31336
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in PowerVR-GPU component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Buffer overflow
EUVDB-ID: #VU96765
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23716
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in PowerVR-GPU component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU96764
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-3655
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-05, 12 2024-09-05, 13 2024-09-05, 14 2024-09-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Information exposure
EUVDB-ID: #VU96762
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40656
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2024-09-01, 12L 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/packages/services/Telecomm/+/f3e6a6c02439401eb7aeb3749ee5ec0b51a625b9
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU96755
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40658
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2024-09-01, 12L 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/frameworks/av/+/6d23fa05a40e5462d4b9bad28afa932e6e12a4f3
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper input validation
EUVDB-ID: #VU96758
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40652
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2024-09-01, 12L 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/packages/apps/Settings/+/2909433f7d59dcdd0c74044b1c8e9f48927193dc
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU96763
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40659
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/c65dce4c6d8d54e47dce79a56e29e2223a2354e6
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU96759
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40654
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2024-09-01, 12L 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/packages/apps/Settings/+/f1d0079c91734168c150f839168544f407b17b06
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper input validation
EUVDB-ID: #VU96760
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40655
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2024-09-01, 12L 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/packages/services/Telecomm/+/eeef54b37a362f506ea3aa155baddc545b6a909a
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper input validation
EUVDB-ID: #VU96761
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40657
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2024-09-01, 12L 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/packages/apps/Settings/+/8261e0ade3b414fea61d7fe9d8bc6df7a3fc8603
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper input validation
EUVDB-ID: #VU96756
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40662
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2024-09-01, 12L 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/frameworks/base/+/e7af00cafb52a25933ec4edb80c5111d42af0237
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper input validation
EUVDB-ID: #VU96757
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40650
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2024-09-01, 12L 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://android.googlesource.com/platform/packages/apps/Settings/+/2968ccc911956fa5813a9a6a5e5c8970e383a60f
https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper input validation
EUVDB-ID: #VU91799
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-32896
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel Firmwire subcomponent in Pixel. A local application can execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Install security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-09-01, 12 2024-09-01, 13 2024-09-01, 14 2024-09-01
CPE2.3https://source.android.com/docs/security/bulletin/2024-09-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
