Rewterz Threat Advisory – Multiple Google Android Vulnerabilities
March 13, 2024
Severity
Medium
Analysis Summary
CVE-2024-25987 CVSS:6.7
Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write in pt_sysctl_command of pt.c. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-25984 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in dumpBatteryDefend of dump_power.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-27230 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-27237 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by a logic error in the code in wipe_ns_memory of nsmemwipe.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-27235 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in plugin_extern_func. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-27225 CVSS:4.4
Google Android could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read in sendHciCommand of bluetooth_hci.cc. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-25988 CVSS:6.2
Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-27223 CVSS:6.2
Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-27218 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in update_freq_data. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-27234 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in fvp_set_target of fvp.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-25987
- CVE-2024-25984
- CVE-2024-27230
- CVE-2024-27237
- CVE-2024-27235
- CVE-2024-27225
- CVE-2024-25988
- CVE-2024-27223
- CVE-2024-27218
- CVE-2024-27234
Affected Vendors
Affected Products
- Google Android
Remediation
Upgrade to the latest version of Android, available from the Google Website.