SB2024040331 - Multiple vulnerabilities in Google Pixel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024040331

SB2024040331 - Multiple vulnerabilities in Google Pixel

Published: April 3, 2024 Updated: April 3, 2024

Security Bulletin ID SB2024040331
Severity
High
Patch available
YES
Number of vulnerabilities 25
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

High 4% Medium 4% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 25 secuirty vulnerabilities.


1) Information exposure (CVE-ID: CVE-2024-29747)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


2) Buffer overflow (CVE-ID: CVE-2023-43515)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in HLOS. A local application can read and manipulate data.


3) Information exposure (CVE-ID: CVE-2024-29742)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


4) Information exposure (CVE-ID: CVE-2024-29739)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


5) Improper input validation (CVE-ID: CVE-2024-29756)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the audio subcomponent in Pixel. A local application can execute arbitrary code.


6) Improper input validation (CVE-ID: CVE-2024-29746)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the acpm subcomponent in Pixel. A local application can execute arbitrary code.


7) Information exposure (CVE-ID: CVE-2024-29783)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


8) Information exposure (CVE-ID: CVE-2024-29782)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


9) Information exposure (CVE-ID: CVE-2024-29755)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


10) Information exposure (CVE-ID: CVE-2024-29754)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


11) Information exposure (CVE-ID: CVE-2024-29751)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GSC subcomponent in Pixel. A local application can gain access to sensitive information.


12) Information exposure (CVE-ID: CVE-2024-29750)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GSC subcomponent in Pixel. A local application can gain access to sensitive information.


13) Information exposure (CVE-ID: CVE-2024-29744)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


14) Information exposure (CVE-ID: CVE-2024-29745)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the bootloader subcomponent in Pixel. A local application can gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.


15) Information exposure (CVE-ID: CVE-2024-29738)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


16) Information exposure (CVE-ID: CVE-2024-27232)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GSC subcomponent in Pixel. A local application can gain access to sensitive information.


17) Information exposure (CVE-ID: CVE-2024-27231)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


18) Improper input validation (CVE-ID: CVE-2024-29757)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Companion subcomponent in Pixel. A local application can execute arbitrary code.


19) Improper input validation (CVE-ID: CVE-2024-29753)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


20) Improper input validation (CVE-ID: CVE-2024-29752)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


21) Improper input validation (CVE-ID: CVE-2024-29749)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


22) Improper input validation (CVE-ID: CVE-2024-29743)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


23) Improper input validation (CVE-ID: CVE-2024-29741)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the S2MPU subcomponent in Pixel. A local application can execute arbitrary code.


24) Improper input validation (CVE-ID: CVE-2024-29740)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.


25) Improper input validation (CVE-ID: CVE-2024-29748)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pixel Firmware subcomponent in Pixel. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.


Remediation

Install update from vendor's website.

References