
Multiple Google Android Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-40677 CVSS:8.4

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40670 CVSS:8.4

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40669 CVSS:8.4

In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40651 CVSS:8.4

In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40649 CVSS:8.4

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49748 CVSS:9.8

Google Android could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the System component.

CVE-2024-43771 CVSS:9.8

Google Android could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the System component.

CVE-2024-49747 CVSS:9.8

Google Android could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the System component.

CVE-2024-43770 CVSS:9.8

Google Android could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the System component.

CVE-2024-43096 CVSS:9.8

Google Android could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the System component.

Impact

  • Code Execution
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-40677
  • CVE-2024-40670
  • CVE-2024-40669
  • CVE-2024-40651
  • CVE-2024-40649
  • CVE-2024-49748
  • CVE-2024-43771
  • CVE-2024-49747
  • CVE-2024-43770
  • CVE-2024-43096

Affected Vendors

Google Android

Affected Products

  • Google Android - Android kernel
  • Google Android - 15, 14, 13, 12L, 12
  • Google Android - Android SoC

Remediation

Upgrade to the latest version of Android, available from the Google website.
