Rewterz
Rewterz Threat Advisory – Multiple Google Android Vulnerabilities
March 13, 2024

Rewterz Threat Advisory – Multiple Google Android Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-25987 CVSS:6.7

Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write in pt_sysctl_command of pt.c. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-25984 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in dumpBatteryDefend of dump_power.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-27230 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-27237 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by a logic error in the code in wipe_ns_memory of nsmemwipe.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-27235 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in plugin_extern_func. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-27225 CVSS:4.4

Google Android could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read in sendHciCommand of bluetooth_hci.cc. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-25988 CVSS:6.2

Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-27223 CVSS:6.2

Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-27218 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in update_freq_data. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-27234 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in fvp_set_target of fvp.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2024-25987
  • CVE-2024-25984
  • CVE-2024-27230
  • CVE-2024-27237
  • CVE-2024-27235
  • CVE-2024-27225
  • CVE-2024-25988
  • CVE-2024-27223
  • CVE-2024-27218
  • CVE-2024-27234

Affected Vendors

Google

Affected Products

  • Google Android

Remediation

Upgrade to the latest version of Android, available from the Google Website.
