Severity
High
Analysis Summary
CVE-2024-44092 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by test/debugging code left in a production build, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-44095 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in ppmp_protect_mfcfw_buf of code/drm_fw.c, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-29779 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by an unusual root cause, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-44093 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in ppmp_unprotect_buf of drm/code/drm_fw.c, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-44094 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by improper input validation in ppmp_protect_mfcfw_buf of code/drm_fw.c, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-44092
- CVE-2024-44095
- CVE-2024-29779
- CVE-2024-44093
- CVE-2024-44094
Affected Vendors
Affected Products
- Google Android
Remediation
Upgrade to the latest version of Android, available from the Google Website.