

BianLian Ransomware – Active IOCs
December 6, 2024
Multiple Microsoft SQL Vulnerabilities
December 6, 2024
Severity
Medium
Analysis Summary
CVE-2024-43086 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by a confused deputy in validateAccountsInternal of AccountManagerService.java. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-43084 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by a confused deputy in visitUris of multiple files. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-43082 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by a confused deputy in onActivityResult of EditUserPhotoController.java. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-43083 CVSS:6.2
In validate of WifiConfigurationUtil.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Impact
- Information Disclosure
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-43086
- CVE-2024-43084
- CVE-2024-43082
- CVE-2024-43083
Affected Vendors
Affected Products
- Google Android
Remediation
Upgrade to the latest version of Android, available from the Google Website.