Multiple vulnerabilities in Google Android

1) Use-after-free

EUVDB-ID: #VU102381

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43704

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in PVRSRVAcquireProcessHandleBase. A local application can cause psProcessHandleBase reuse when PIDs are reused and escalate privileges on the system.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU102340

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20154

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Modem. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU102345

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20146

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU102346

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20148

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU102347

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20105

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within m4u. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU102341

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20140

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within power. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU102342

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20143

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU102343

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20144

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds write

EUVDB-ID: #VU102344

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20145

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU102329

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21464

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use After Free

EUVDB-ID: #VU102330

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45553

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Services. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer over-read

EUVDB-ID: #VU102331

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-45558

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host Cmn. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU93579

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-34722

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12L 2025-01-01, 12 2025-01-01, 13 2025-01-01, 14 2025-01-01

https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957
https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU102380

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49736

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU102379

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43763

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information exposure

EUVDB-ID: #VU102378

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49734

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU102374

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-34730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU102372

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-49748

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU102370

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-43771

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU102369

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-43770

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU102368

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-43096

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU102367

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40132

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Media Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Information exposure

EUVDB-ID: #VU102366

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49733

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information exposure

EUVDB-ID: #VU102365

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40108

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU102362

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49738

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU102377

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49742

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU102373

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-49749

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU102371

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-49747

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU102364

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU102363

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU102376

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43765

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU102375

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU102359

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49732

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU102358

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49724

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU102360

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49735

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU102361

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49737

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

https://source.android.com/docs/security/bulletin/2025-01-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.