Multiple Google Android Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-47038 CVSS:10

Google Android could allow a remote attacker to gain elevated privileges on the system, caused by an out-of-bounds write in dhd_prot_flowrings_pool_release of dhd_msgbuf.c. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-47039 CVSS:10

Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in isSlotMarkedSuccessful of BootControl.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-47040 CVSS:10

Google Android could allow a remote attacker to gain elevated privileges on the system, caused by a use-after-free. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-47038
  • CVE-2024-47039
  • CVE-2024-47040

Affected Vendors

Google

Affected Products

  • Google Android

Remediation

Upgrade to the latest version of Android, available from the Google Website.
