Analysis Summary

CVE-2024-44092 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by test/debugging code left in a production build, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-44095 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in ppmp_protect_mfcfw_buf of code/drm_fw.c, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-29779 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by an unusual root cause, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-44093 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in ppmp_unprotect_buf of drm/code/drm_fw.c, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-44094 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by improper input validation in ppmp_protect_mfcfw_buf of code/drm_fw.c, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

Impact

• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2024-44092
• CVE-2024-44095
• CVE-2024-29779
• CVE-2024-44093
• CVE-2024-44094

Affected Vendors

Remediation

Upgrade to the latest version of Android, available from the Google Website.

Google Website