

Multiple WordPress Plugins Vulnerabilities
October 28, 2024
ZLoader Banking Trojan – Active IOCs
October 28, 2024
Severity
High
Analysis Summary
CVE-2024-47041 CVSS:7.4
In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-47033 CVSS:8.4
In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-47031 CVSS:8.4
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component.
CVE-2024-47035 CVSS:7.4
In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-47027 CVSS:8.4
In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-47041
- CVE-2024-47033
- CVE-2024-47031
- CVE-2024-47035
- CVE-2024-47027
Affected Vendors
Affected Products
- Google Android - Android kernel
Remediation
Upgrade to the latest version of Android, available from the Google Website.
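To verify the upgrade across devices, the following added example (not part of the original advisory) classifies each device by its security patch level against 2024-10-05, the date given in the CVE-2024-47031 entry above; the advisory states no patch level for the other CVEs. The function names and the sample inventory are constructed for illustration; ro.build.version.security_patch is the Android property that holds the patch level.

```shell
#!/bin/sh
# Threshold taken from the CVE-2024-47031 entry in this advisory.
REQUIRED_PATCH="2024-10-05"

# patch_is_current LEVEL
# Returns 0 if LEVEL >= REQUIRED_PATCH, 1 if older, 2 if not YYYY-MM-DD.
patch_is_current() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed.
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_PATCH" | tr -d '-')
    [ "$have" -ge "$need" ]
}

# device_patch_level SERIAL
# Reads the patch level from a connected device (needs adb; not called below).
device_patch_level() {
    adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r'
}

# audit_inventory
# Reads "SERIAL PATCH_LEVEL" lines on stdin and prints "SERIAL STATUS",
# where STATUS is OK, OUTDATED or UNKNOWN (missing or malformed level).
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        rc=0
        patch_is_current "$level" || rc=$?
        case "$rc" in
            0) echo "$serial OK" ;;
            1) echo "$serial OUTDATED" ;;
            *) echo "$serial UNKNOWN" ;;
        esac
    done
}

# Constructed sample inventory (hypothetical serials), e.g. an MDM export.
sample_inventory() {
    printf '%s\n' "PIXEL-A 2024-10-05" "PIXEL-B 2024-09-05" "PIXEL-C"
}

sample_inventory | audit_inventory
```

UNKNOWN devices should be treated as unpatched until their patch level is confirmed.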