Rewterz Threat Advisory – Multiple Google Android Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-40074 CVSS:6.2

Google Android is vulnerable to a denial of service, caused by a flaw in saveToXml of PersistableBundle.java. By executing a specially crafted application, a local attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-40075 CVSS:6.2

Google Android is vulnerable to a denial of service, caused by a missing bounds check in forceReplaceShortcutInner of ShortcutPackage.java. By executing a specially crafted application, a local attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-40076 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a permissions bypass in createPendingIntent of CredentialManagerUi.java. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-40077 CVSS:9.8

Google Android could allow a remote attacker to gain elevated privileges on the system, caused by a race condition in multiple functions of MetaDataBase.cpp. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-40078 CVSS:8.8

Google Android could allow a remote attacker to gain elevated privileges on the system, caused by a heap buffer overflow in a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-40079 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a permissions bypass in injectSendIntentSender of ShortcutService.java. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-40080 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in multiple functions of btm_ble_gap.cc. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-40082 CVSS:9.8

Google Android could allow a remote attacker to gain elevated privileges on the system, caused by improperly used crypto in modify_for_next_stage of fdt.rs. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-40084 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in run of MDnsSdListener.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-40087 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by missing bounds checks in transcodeQ*ToFloat of btif_avrcp_audio_track.cc. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.

Impact

  • Denial of Service
  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2023-40074
  • CVE-2023-40075
  • CVE-2023-40076
  • CVE-2023-40077
  • CVE-2023-40078
  • CVE-2023-40079
  • CVE-2023-40080
  • CVE-2023-40082
  • CVE-2023-40084
  • CVE-2023-40087

Affected Vendors

Google

Affected Products

  • Google Android 12
  • Google Android 11
  • Google Android 12L
  • Google Android 13
  • Google Android 14

Remediation

Refer to the Android Open Source Project for patch, upgrade or suggested workaround information.

Android Open Source Project