Android
by Google
CVEs (4,711)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47033 | 0.00 | — | 0.00 | Oct 25, 2024 | In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47031 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. | |||
| CVE-2024-47030 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. | |||
| CVE-2024-47029 | 0.00 | — | 0.00 | Oct 25, 2024 | In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User… | |||
| CVE-2024-47028 | 0.00 | — | 0.00 | Oct 25, 2024 | In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47027 | 0.00 | — | 0.00 | Oct 25, 2024 | In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2024-47026 | 0.00 | — | 0.00 | Oct 25, 2024 | In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47025 | 0.00 | — | 0.00 | Oct 25, 2024 | In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47024 | 0.00 | — | 0.00 | Oct 25, 2024 | In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47023 | 0.00 | — | 0.00 | Oct 25, 2024 | there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47022 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656. | |||
| CVE-2024-47021 | 0.00 | — | 0.00 | Oct 25, 2024 | In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47020 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488. | |||
| CVE-2024-47019 | 0.00 | — | 0.00 | Oct 25, 2024 | In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | |||
| CVE-2024-47018 | 0.00 | — | 0.00 | Oct 25, 2024 | In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47017 | 0.00 | — | 0.00 | Oct 25, 2024 | In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47016 | 0.00 | — | 0.00 | Oct 25, 2024 | there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-47015 | 0.00 | — | 0.00 | Oct 25, 2024 | In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for… | |||
| CVE-2024-47014 | 0.00 | — | 0.00 | Oct 25, 2024 | Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. | |||
| CVE-2024-47013 | 0.00 | — | 0.00 | Oct 25, 2024 | In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
- CVE-2024-47033Oct 25, 2024risk 0.00cvss —epss 0.00
In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47031Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861.
- CVE-2024-47030Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818.
- CVE-2024-47029Oct 25, 2024risk 0.00cvss —epss 0.00
In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User…
- CVE-2024-47028Oct 25, 2024risk 0.00cvss —epss 0.00
In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47027Oct 25, 2024risk 0.00cvss —epss 0.00
In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2024-47026Oct 25, 2024risk 0.00cvss —epss 0.00
In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47025Oct 25, 2024risk 0.00cvss —epss 0.00
In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47024Oct 25, 2024risk 0.00cvss —epss 0.00
In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47023Oct 25, 2024risk 0.00cvss —epss 0.00
there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47022Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
- CVE-2024-47021Oct 25, 2024risk 0.00cvss —epss 0.00
In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47020Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
- CVE-2024-47019Oct 25, 2024risk 0.00cvss —epss 0.00
In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.
- CVE-2024-47018Oct 25, 2024risk 0.00cvss —epss 0.00
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47017Oct 25, 2024risk 0.00cvss —epss 0.00
In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47016Oct 25, 2024risk 0.00cvss —epss 0.00
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-47015Oct 25, 2024risk 0.00cvss —epss 0.00
In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for…
- CVE-2024-47014Oct 25, 2024risk 0.00cvss —epss 0.00
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.
- CVE-2024-47013Oct 25, 2024risk 0.00cvss —epss 0.00
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Page 216 of 236