SB20240806406 - Multiple vulnerabilities in Google Pixel

Security Bulletin ID SB20240806406

Severity

Medium

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Remote access

Highest impact Code execution

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Use After Free (CVE-ID: CVE-2023-28577)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to no check if the buffer is being used in Camera Driver. A local privileged application can execute arbitrary code.

2) Buffer over-read (CVE-ID: CVE-2024-21459)

The vulnerability allows a remote attacker to read memory contents or crash the system.

The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can read memory contents or crash the system.

3) Buffer over-read (CVE-ID: CVE-2024-21467)

The vulnerability allows a remote attacker to read memory contents or crash the system.

The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can read memory contents or crash the system.

4) Buffer over-read (CVE-ID: CVE-2024-21479)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Audio. A remote attacker can perform a denial of service (DoS) attack.

5) Input validation error (CVE-ID: CVE-2024-32927)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation in RIL. A local application can escalate privileges on the system.

Install update from vendor's website.