Multiple vulnerabilities in Google Pixel



Risk Low
Patch available YES
Number of vulnerabilities 29
CVE-ID CVE-2024-28818
CVE-2024-47034
CVE-2024-47030
CVE-2024-47029
CVE-2024-47028
CVE-2024-47026
CVE-2024-47022
CVE-2024-47021
CVE-2024-47020
CVE-2024-47019
CVE-2024-47015
CVE-2024-44100
CVE-2024-44099
CVE-2024-47041
CVE-2024-47012
CVE-2024-47033
CVE-2024-47031
CVE-2024-47014
CVE-2024-44098
CVE-2024-44101
CVE-2024-47025
CVE-2024-47018
CVE-2024-47023
CVE-2024-47017
CVE-2024-47013
CVE-2024-47035
CVE-2024-47027
CVE-2024-47024
CVE-2024-47016
CWE-ID CWE-200
CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Pixel
Mobile applications / Mobile firmware & hardware

Vendor Google

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) Information exposure

EUVDB-ID: #VU98584

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28818

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the modem subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information exposure

EUVDB-ID: #VU98596

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47034

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the NPU firmware subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information exposure

EUVDB-ID: #VU98595

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47030

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information exposure

EUVDB-ID: #VU98594

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47029

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Faceauth subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information exposure

EUVDB-ID: #VU98593

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47028

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Bootloader subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information exposure

EUVDB-ID: #VU98592

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47026

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ABL subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information exposure

EUVDB-ID: #VU98591

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47022

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information exposure

EUVDB-ID: #VU98590

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47021

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the SMS subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information exposure

EUVDB-ID: #VU98589

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47020

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ABL subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information exposure

EUVDB-ID: #VU98588

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47019

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information exposure

EUVDB-ID: #VU98587

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47015

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information exposure

EUVDB-ID: #VU98586

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-44100

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the modem subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information exposure

EUVDB-ID: #VU98585

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-44099

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Tensor subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU98583

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47041

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the TrustyOS subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU98568

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47012

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pixel Modem subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU98582

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47033

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU98581

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47031

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ABL subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU98580

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47014

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ABL subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU98579

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-44098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU98578

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-44101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Information exposure

EUVDB-ID: #VU98577

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47025

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information exposure

EUVDB-ID: #VU98576

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47018

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU98575

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47023

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU98574

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the abl subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU98573

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47013

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU98572

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47035

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU98571

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47027

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU98570

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47024

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU98569

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47016

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Pixel: before 2024-10-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/pixel/2024-10-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###