Multiple vulnerabilities in Google Pixel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2023-33064 CVE-2023-33065 CVE-2023-33067 CVE-2023-33068 CVE-2023-33069 CVE-2023-33077 CVE-2024-22012 |
| CWE-ID | CWE-126 CWE-823 CWE-120 CWE-254 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Pixel Mobile applications / Mobile firmware & hardware |
| Vendor |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Buffer over-read
EUVDB-ID: #VU86118
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33064
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Audio. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-02-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-02-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer over-read
EUVDB-ID: #VU86119
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33065
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Audio. A local application can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-02-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-02-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU86120
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33067
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-02-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-02-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU86121
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33068
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-02-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-02-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU86122
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33069
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-02-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-02-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU86113
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33077
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in HLOS. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-02-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-02-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security features bypass
EUVDB-ID: #VU86142
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22012
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Bootloader component. A local application can escalate privileges on the device.
Install update from vendor's website.
Vulnerable software versionsPixel: before 2024-02-05
External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-02-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
