Risk | High |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2024-53836 CVE-2024-53839 CVE-2024-53834 CVE-2024-53841 CVE-2024-53838 CVE-2024-53837 CVE-2024-53833 CVE-2024-39343 CVE-2024-47032 CVE-2024-53840 CVE-2024-53835 CVE-2024-11624 CVE-2024-8257 CVE-2024-53842 |
CWE-ID | CWE-20 CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Pixel Mobile applications / Mobile firmware & hardware |
Vendor |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU101304
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53836
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the WLAN subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101309
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53839
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101308
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53834
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101307
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53841
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the ConnectivityThermalPowerManager subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101306
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53838
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the HWC HAL subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101305
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53837
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101303
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53833
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101070
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39343
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the baseband software does not properly check length specified by the Mobility Management module. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101302
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47032
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101301
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53840
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the FPS subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101300
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53835
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the FPS subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101299
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11624
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the VPN subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101298
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8257
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the eSIM subcomponent in Pixel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101297
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53842
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cellular baseband subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 2024-12-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/pixel/2024-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.