SB20240611287 - Multiple vulnerabilities in Google Pixel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20240611287

SB20240611287 - Multiple vulnerabilities in Google Pixel

Published: June 11, 2024

Security Bulletin ID SB20240611287
Severity
High
Patch available
YES
Number of vulnerabilities 50
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 12% Medium 2% Low 86%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 50 secuirty vulnerabilities.


1) Information exposure (CVE-ID: CVE-2024-32897)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.


2) Improper input validation (CVE-ID: CVE-2023-50803)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.


3) Improper input validation (CVE-ID: CVE-2024-32902)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.


4) Improper input validation (CVE-ID: CVE-2024-32923)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.


5) Improper input validation (CVE-ID: CVE-2024-29784)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.


6) Improper input validation (CVE-ID: CVE-2024-29787)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.


7) Improper input validation (CVE-ID: CVE-2024-32900)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.


8) Improper input validation (CVE-ID: CVE-2024-32903)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.


9) Improper input validation (CVE-ID: CVE-2024-32919)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.


10) Improper input validation (CVE-ID: CVE-2024-32921)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the lwis subcomponent in Pixel. A local application can execute arbitrary code.


11) Information exposure (CVE-ID: CVE-2024-29778)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.


12) Information exposure (CVE-ID: CVE-2024-32898)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.


13) Information exposure (CVE-ID: CVE-2024-32920)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


14) Information exposure (CVE-ID: CVE-2024-32904)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.


15) Information exposure (CVE-ID: CVE-2024-32915)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.


16) Information exposure (CVE-ID: CVE-2024-32926)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Fingerprint Sensor subcomponent in Pixel. A local application can gain access to sensitive information.


17) Improper input validation (CVE-ID: CVE-2024-32912)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Telephony subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.


18) Improper input validation (CVE-ID: CVE-2024-32924)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.


19) Buffer over-read (CVE-ID: CVE-2023-43537)

The vulnerability allows a remote attacker to read memory contents or crash the system.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can read memory contents or crash the system.


20) Use After Free (CVE-ID: CVE-2023-43543)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


21) Use After Free (CVE-ID: CVE-2023-43544)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


22) Integer overflow (CVE-ID: CVE-2023-43545)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN HOST. A local privileged application can execute arbitrary code.


23) Buffer over-read (CVE-ID: CVE-2023-43555)

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.


24) Information exposure (CVE-ID: CVE-2024-32930)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


25) Information exposure (CVE-ID: CVE-2024-32918)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Trusty subcomponent in Pixel. A local application can gain access to sensitive information.


26) Improper input validation (CVE-ID: CVE-2024-32896)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pixel Firmwire subcomponent in Pixel. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.


27) Improper input validation (CVE-ID: CVE-2024-32925)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the wlan subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.


28) Improper input validation (CVE-ID: CVE-2024-32891)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.


29) Improper input validation (CVE-ID: CVE-2024-32892)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Goodix subcomponent in Pixel. A local application can execute arbitrary code.


30) Improper input validation (CVE-ID: CVE-2024-32899)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Mali subcomponent in Pixel. A local application can execute arbitrary code.


31) Improper input validation (CVE-ID: CVE-2024-32906)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the avcp subcomponent in Pixel. A local application can execute arbitrary code.


32) Improper input validation (CVE-ID: CVE-2024-32908)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.


33) Improper input validation (CVE-ID: CVE-2024-32909)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the confirmationui subcomponent in Pixel. A local application can execute arbitrary code.


34) Improper input validation (CVE-ID: CVE-2024-32922)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Mali subcomponent in Pixel. A local application can execute arbitrary code.


35) Improper input validation (CVE-ID: CVE-2024-29786)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the CPIF subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.


36) Improper input validation (CVE-ID: CVE-2024-32905)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the cpif subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.


37) Improper input validation (CVE-ID: CVE-2024-32913)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the WLAN subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.


38) Improper input validation (CVE-ID: CVE-2024-32895)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the WLAN subcomponent in Pixel. A local application can execute arbitrary code.


39) Information exposure (CVE-ID: CVE-2024-32916)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


40) Improper input validation (CVE-ID: CVE-2024-32901)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the v4l2 subcomponent in Pixel. A local application can execute arbitrary code.


41) Improper input validation (CVE-ID: CVE-2024-32907)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty / TEE subcomponent in Pixel. A local application can execute arbitrary code.


42) Improper input validation (CVE-ID: CVE-2024-32911)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can execute arbitrary code.


43) Improper input validation (CVE-ID: CVE-2024-32917)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Trusty OS subcomponent in Pixel. A local application can execute arbitrary code.


44) Information exposure (CVE-ID: CVE-2024-29780)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the hwbcc TA subcomponent in Pixel. A local application can gain access to sensitive information.


45) Information exposure (CVE-ID: CVE-2024-29781)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the GsmSs subcomponent in Pixel. A local application can gain access to sensitive information.


46) Information exposure (CVE-ID: CVE-2024-29785)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


47) Information exposure (CVE-ID: CVE-2024-32893)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


48) Information exposure (CVE-ID: CVE-2024-32894)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.


49) Information exposure (CVE-ID: CVE-2024-32910)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the spi TA subcomponent in Pixel. A local application can gain access to sensitive information.


50) Information exposure (CVE-ID: CVE-2024-32914)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the ACPM subcomponent in Pixel. A local application can gain access to sensitive information.


Remediation

Install update from vendor's website.

References