SB2024110705 - Multiple vulnerabilities in Google Pixel
Published: November 7, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2024-47038)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Kernel subcomponent in Pixel. A local application can execute arbitrary code.
2) Improper input validation (CVE-ID: CVE-2024-47040)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the ISap subcomponent in Pixel. A local application can execute arbitrary code.
3) Information exposure (CVE-ID: CVE-2024-47039)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the bootctrl Functional patchesFor details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.Common questions and answers This section answers common questions that may occur after reading this bulletin. 1. How do I determine if my device is updated to address these issues? Security patch levels of 2024-11-05 or later address all issues associated with the 2024-11-05 security patch level and all previous patch levels. To learn how to check a device\'s security patch level, read the instructions on the Google device update schedule. 2. What do the entries in the Type column mean?Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability. subcomponent in Pixel. A local application can gain access to sensitive information.
Remediation
Install update from vendor's website.