
Multiple Google Android Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-43086 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by a confused deputy in validateAccountsInternal of AccountManagerService.java. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-43084 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by a confused deputy in visitUris of multiple files. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-43082 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by a confused deputy in onActivityResult of EditUserPhotoController.java. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-43083 CVSS:6.2

In validate of WifiConfigurationUtil.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Impact

  • Information Disclosure
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2024-43086
  • CVE-2024-43084
  • CVE-2024-43082
  • CVE-2024-43083

Affected Vendors

Google

Affected Products

  • Google Android

Remediation

Upgrade to the latest version of Android, available from the Google website.
