Main Vulnerability Database SB2024101598

SB2024101598 - Multiple vulnerabilities in Google Pixel

Published: October 15, 2024

Security Bulletin ID SB2024101598

Severity

Low

Patch available

YES

Number of vulnerabilities 29

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 29 secuirty vulnerabilities.

1) Information exposure (CVE-ID: CVE-2024-28818)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the modem subcomponent in Pixel. A local application can gain access to sensitive information.

2) Information exposure (CVE-ID: CVE-2024-47034)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the NPU firmware subcomponent in Pixel. A local application can gain access to sensitive information.

3) Information exposure (CVE-ID: CVE-2024-47030)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

4) Information exposure (CVE-ID: CVE-2024-47029)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Faceauth subcomponent in Pixel. A local application can gain access to sensitive information.

5) Information exposure (CVE-ID: CVE-2024-47028)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Bootloader subcomponent in Pixel. A local application can gain access to sensitive information.

6) Information exposure (CVE-ID: CVE-2024-47026)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ABL subcomponent in Pixel. A local application can gain access to sensitive information.

7) Information exposure (CVE-ID: CVE-2024-47022)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

8) Information exposure (CVE-ID: CVE-2024-47021)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the SMS subcomponent in Pixel. A local application can gain access to sensitive information.

9) Information exposure (CVE-ID: CVE-2024-47020)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ABL subcomponent in Pixel. A local application can gain access to sensitive information.

10) Information exposure (CVE-ID: CVE-2024-47019)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

11) Information exposure (CVE-ID: CVE-2024-47015)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

12) Information exposure (CVE-ID: CVE-2024-44100)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the modem subcomponent in Pixel. A local application can gain access to sensitive information.

13) Information exposure (CVE-ID: CVE-2024-44099)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Tensor subcomponent in Pixel. A local application can gain access to sensitive information.

14) Improper input validation (CVE-ID: CVE-2024-47041)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the TrustyOS subcomponent in Pixel. A local application can execute arbitrary code.

15) Improper input validation (CVE-ID: CVE-2024-47012)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pixel Modem subcomponent in Pixel. A local application can execute arbitrary code.

16) Improper input validation (CVE-ID: CVE-2024-47033)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.

17) Improper input validation (CVE-ID: CVE-2024-47031)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ABL subcomponent in Pixel. A local application can execute arbitrary code.

18) Improper input validation (CVE-ID: CVE-2024-47014)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ABL subcomponent in Pixel. A local application can execute arbitrary code.

19) Improper input validation (CVE-ID: CVE-2024-44098)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.

20) Improper input validation (CVE-ID: CVE-2024-44101)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.

21) Information exposure (CVE-ID: CVE-2024-47025)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.

22) Information exposure (CVE-ID: CVE-2024-47018)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

23) Improper input validation (CVE-ID: CVE-2024-47023)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.

24) Improper input validation (CVE-ID: CVE-2024-47017)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the abl subcomponent in Pixel. A local application can execute arbitrary code.

25) Improper input validation (CVE-ID: CVE-2024-47013)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

26) Improper input validation (CVE-ID: CVE-2024-47035)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can execute arbitrary code.

27) Improper input validation (CVE-ID: CVE-2024-47027)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can execute arbitrary code.

28) Improper input validation (CVE-ID: CVE-2024-47024)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can execute arbitrary code.

29) Improper input validation (CVE-ID: CVE-2024-47016)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://source.android.com/docs/security/bulletin/pixel/2024-10-01

SB2024101598 - Multiple vulnerabilities in Google Pixel

Breakdown by Severity

Description

Remediation

References

Please verify you're human