Multiple vulnerabilities in Google Android



Risk High
Patch available YES
Number of vulnerabilities 36
CVE-ID CVE-2024-43704
CVE-2024-20154
CVE-2024-20146
CVE-2024-20148
CVE-2024-20105
CVE-2024-20140
CVE-2024-20143
CVE-2024-20144
CVE-2024-20145
CVE-2024-21464
CVE-2024-45553
CVE-2024-45558
CVE-2024-34722
CVE-2024-49736
CVE-2024-43763
CVE-2024-49734
CVE-2024-34730
CVE-2024-49748
CVE-2024-43771
CVE-2024-43770
CVE-2024-43096
CVE-2023-40132
CVE-2024-49733
CVE-2023-40108
CVE-2024-49738
CVE-2024-49742
CVE-2024-49749
CVE-2024-49747
CVE-2024-49745
CVE-2024-49744
CVE-2024-43765
CVE-2024-43095
CVE-2024-49732
CVE-2024-49724
CVE-2024-49735
CVE-2024-49737
CWE-ID CWE-416
CWE-121
CWE-787
CWE-120
CWE-126
CWE-20
CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
Google Android
Operating systems & Components / Operating system

Vendor Google

Security Bulletin

This security bulletin contains information about 36 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU102381

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43704

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in PVRSRVAcquireProcessHandleBase. A local application can cause psProcessHandleBase reuse when PIDs are reused and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3 External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU102340

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20154

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Modem. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU102345

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20146

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU102346

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20148

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU102347

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20105

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within m4u. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU102341

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20140

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within power. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU102342

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20143

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU102343

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20144

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds write

EUVDB-ID: #VU102344

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20145

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU102329

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21464

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use After Free

EUVDB-ID: #VU102330

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45553

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Services. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer over-read

EUVDB-ID: #VU102331

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-45558

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host Cmn. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-05, 12 2025-01-05, 13 2025-01-05, 14 2025-01-05, 15 2025-01-05

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU93579

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-34722

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-01-01, 12 2025-01-01, 13 2025-01-01, 14 2025-01-01

CPE2.3
External links

https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957
https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU102380

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49736

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU102379

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43763

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information exposure

EUVDB-ID: #VU102378

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49734

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU102374

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-34730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU102372

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-49748

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU102370

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-43771

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU102369

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-43770

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU102368

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-43096

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU102367

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40132

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Media Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Information exposure

EUVDB-ID: #VU102366

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49733

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information exposure

EUVDB-ID: #VU102365

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40108

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU102362

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49738

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU102377

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49742

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU102373

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-49749

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU102371

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-49747

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU102364

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU102363

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU102376

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43765

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU102375

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU102359

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49732

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU102358

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49724

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-01-01, 12L 2025-01-01, 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU102360

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49735

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU102361

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49737

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2025-01-01, 14 2025-01-01, 15 2025-01-01

CPE2.3
External links

https://source.android.com/docs/security/bulletin/2025-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###