Multiple vulnerabilities in Google Pixel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 33 |
| CVE-ID | CVE-2023-22383 CVE-2023-48411 CVE-2023-48412 CVE-2023-48413 CVE-2023-48415 CVE-2023-48422 CVE-2023-48416 CVE-2023-22668 CVE-2023-48404 CVE-2023-28575 CVE-2023-28579 CVE-2023-28580 CVE-2023-21634 CVE-2023-33024 CVE-2023-33041 CVE-2023-48408 CVE-2023-48403 CVE-2023-48421 CVE-2023-48410 CVE-2023-41111 CVE-2023-48423 CVE-2023-48402 CVE-2023-48405 CVE-2023-48407 CVE-2023-48409 CVE-2023-37366 CVE-2023-48401 CVE-2023-48406 CVE-2023-48414 CVE-2023-48420 CVE-2023-48397 CVE-2023-48398 CVE-2023-48399 |
| CWE-ID | CWE-416 CWE-200 CWE-20 CWE-823 CWE-120 CWE-119 CWE-617 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Pixel Mobile applications / Mobile firmware & hardware |
| Vendor |
Security Bulletin
This security bulletin contains information about 33 vulnerabilities.
1) Use After Free
EUVDB-ID: #VU83672
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22383
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information exposure
EUVDB-ID: #VU83950
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48411
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information exposure
EUVDB-ID: #VU83951
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48412
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the gchips subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information exposure
EUVDB-ID: #VU83952
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48413
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information exposure
EUVDB-ID: #VU83953
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48415
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information exposure
EUVDB-ID: #VU83954
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48422
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU83955
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48416
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use After Free
EUVDB-ID: #VU83673
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22668
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information exposure
EUVDB-ID: #VU83948
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48404
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU79037
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28575
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera Driver. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU83674
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28579
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN Host. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU83675
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28580
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN Host. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory corruption
EUVDB-ID: #VU83662
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21634
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Radio Interface Layer. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Buffer overflow
EUVDB-ID: #VU83663
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33024
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Radio Interface Layer. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Reachable Assertion
EUVDB-ID: #VU83664
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33041
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information exposure
EUVDB-ID: #VU83949
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48408
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Information exposure
EUVDB-ID: #VU83947
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48403
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper input validation
EUVDB-ID: #VU83931
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48421
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the mali_kbase subcomponent in Kernel components. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information exposure
EUVDB-ID: #VU83938
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48410
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU83932
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41111
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the ShannonRcs subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU83933
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48423
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Exynos subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper input validation
EUVDB-ID: #VU83934
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48402
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper input validation
EUVDB-ID: #VU83935
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48405
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper input validation
EUVDB-ID: #VU83936
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48407
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the bootloader subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper input validation
EUVDB-ID: #VU83937
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48409
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel GPU kernel module subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper input validation
EUVDB-ID: #VU83939
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37366
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Cellular Baseband subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Information exposure
EUVDB-ID: #VU83946
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48401
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper input validation
EUVDB-ID: #VU83940
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48406
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Modem OTP subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU83941
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48414
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel Camera Driver subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU83942
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48420
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Camera subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Information exposure
EUVDB-ID: #VU83943
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48397
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Information exposure
EUVDB-ID: #VU83944
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48398
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Information exposure
EUVDB-ID: #VU83945
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48399
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2023-12-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2023-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
