Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 39 |
| CVE-ID | CVE-2024-38405 CVE-2024-43093 CVE-2024-38424 CVE-2024-38403 CVE-2024-23385 CVE-2024-38408 CVE-2024-43047 CVE-2024-38423 CVE-2024-38422 CVE-2024-38421 CVE-2024-38415 CVE-2024-38402 CVE-2024-36978 CVE-2024-21455 CVE-2024-20106 CVE-2024-20104 CVE-2024-34729 CVE-2024-31337 CVE-2024-23715 CVE-2023-35686 CVE-2023-35659 CVE-2024-40671 CVE-2024-34747 CVE-2024-46740 CVE-2024-43083 CVE-2024-43091 CVE-2024-40661 CVE-2024-43084 CVE-2024-43082 CVE-2024-43086 CVE-2024-43090 CVE-2024-43089 CVE-2024-43088 CVE-2024-43087 CVE-2024-43080 CVE-2024-34719 CVE-2024-43085 CVE-2024-43081 CVE-2024-40660 |
| CWE-ID | CWE-126 CWE-20 CWE-416 CWE-617 CWE-310 CWE-120 CWE-190 CWE-125 CWE-822 CWE-843 CWE-787 CWE-200 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #2 is being exploited in the wild. Vulnerability #7 is being exploited in the wild. |
| Vulnerable software |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 39 vulnerabilities.
1) Buffer over-read
EUVDB-ID: #VU99685
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38405
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU99699
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-43093
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation within the Framework Documents UI component. A local application can execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Google Android: before 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Use After Free
EUVDB-ID: #VU99681
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38424
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in GPS. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer over-read
EUVDB-ID: #VU99676
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38403
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Reachable Assertion
EUVDB-ID: #VU99675
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-23385
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cryptographic Issues
EUVDB-ID: #VU99674
Risk: High
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-38408
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in BT Controller. A remote attacker can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use After Free
EUVDB-ID: #VU98090
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-43047
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
8) Buffer overflow
EUVDB-ID: #VU99690
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38423
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Integer overflow
EUVDB-ID: #VU99689
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38422
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use After Free
EUVDB-ID: #VU99688
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38421
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use After Free
EUVDB-ID: #VU99686
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38415
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Computer Vision. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use After Free
EUVDB-ID: #VU96698
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38402
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Services. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU92332
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36978
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Untrusted Pointer Dereference
EUVDB-ID: #VU98081
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21455
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Type confusion
EUVDB-ID: #VU99626
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20106
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within m4u. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds write
EUVDB-ID: #VU99625
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20104
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU99718
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34729
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU99717
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-31337
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU99716
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23715
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU99715
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35686
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU99714
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35659
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU99713
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40671
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU99712
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34747
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU97492
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46740
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-05, 13 2024-11-05, 14 2024-11-05, 15 2024-11-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper input validation
EUVDB-ID: #VU99711
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43083
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/packages/modules/Wifi/+/62f61e19524e9a55cadd1116c9448ff34b977e50
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper input validation
EUVDB-ID: #VU99703
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-43091
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU99705
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40661
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/packages/modules/Permission/+/ffd81f212b5594b498f0ba07645c7a181540e494
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Information exposure
EUVDB-ID: #VU99701
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43084
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/frameworks/base/+/50eec20b570cd4cbbe8c5971af4c9dda3ddcb858
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Information exposure
EUVDB-ID: #VU99700
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43082
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/frameworks/base/+/6aa1b4fbf5936a1ff5bdbb79397c94910a6ed8f5
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Information exposure
EUVDB-ID: #VU99702
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43086
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/frameworks/base/+/55a3d36701bb874358f685d3ac3381eda10fcff0
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Information exposure
EUVDB-ID: #VU99710
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43090
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/frameworks/base/+/4677d3ee0ec2d31acc6108fea7be6cced971da37
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper input validation
EUVDB-ID: #VU99709
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43089
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/packages/providers/MediaProvider/+/33ff6a663eea1fcdd2b422b98722c1dee48a7f6a
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper input validation
EUVDB-ID: #VU99708
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43088
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper input validation
EUVDB-ID: #VU99707
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43087
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/packages/apps/Settings/+/6253b87704bb097ad9963941bdddf3b86906a73e
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper input validation
EUVDB-ID: #VU99706
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43080
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/packages/apps/Settings/+/26ce013dfd7e59a451acc66e7f05564e0884d46b
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper input validation
EUVDB-ID: #VU99704
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34719
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/b0e4375577ba7e21bd40edac5990bea418ecdc8c
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper input validation
EUVDB-ID: #VU99698
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43085
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/frameworks/base/+/2457d4e459ee6ffd099b9ff7cce9c83119c3ce66
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper input validation
EUVDB-ID: #VU99697
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43081
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12L 2024-11-01, 13 2024-11-01, 14 2024-11-01, 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/frameworks/base/+/31c098c4271ad4fdfb3809e05017ead8d9f6580f
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper input validation
EUVDB-ID: #VU99696
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40660
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 15 2024-11-01
CPE2.3 External linkshttps://android.googlesource.com/platform/frameworks/native/+/064ce6e3235b6318be1e41f1bac9595a98e4aafa
https://android.googlesource.com/platform/frameworks/native/+/064ce6e3235b6318be1e41f1bac9595a98e4aafa
https://source.android.com/docs/security/bulletin/2024-11-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
