CVE-2024-29748 – Android Pixel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-29748
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Existe una posible forma de omitirlo debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/security/bulletin/pixel/2024-04-01 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVE-2023-48418 – User Build misconfiguration resulting in local escalation of privilege
https://notcve.org/view.php?id=CVE-2023-48418
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation En checkDebuggingDisallowed de DeviceVersionFragment.java, existe una forma posible de acceder a adb antes de que se complete SUW debido a un valor predeterminado inseguro. Esto podría conducir a una escalada local de privilegios sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. • http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01 • CWE-269: Improper Privilege Management •
CVE-2023-4164 – There is a possible information disclosure due to a missing permission check in Pixel Watch
https://notcve.org/view.php?id=CVE-2023-4164
There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. Existe una posible divulgación de información debido a que falta una verificación de permiso. Esto podría conducir a la divulgación de información local de datos de salud sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2023-45866 – bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
https://notcve.org/view.php?id=CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con función periférica no autenticada inicie y establezca una conexión cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyección de mensajes HID cuando no se ha producido ninguna interacción del usuario en la función central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. • http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog http://seclists.org/fulldisclosure/2023/Dec/7 http://seclists.org/fulldisclosure/2023/Dec/9 https://bluetooth.com https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 https://github.com/skysafe/reblog/tree/main/cve-2023-45866 https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html https://lists.fedoraproject.org/archives/list/package • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVE-2023-44216
https://notcve.org/view.php?id=CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresión transparente por software que permite ataques de robo de píxeles de origen cruzado contra feTurbulence y feBlend en la especificación del filtro SVG, también conocido como un problema GPU.zip. Por ejemplo, los atacantes a veces pueden determinar con precisión el texto contenido en una página web de un origen si controlan un recurso de un origen diferente. • https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level https://blog.imaginationtech.com/reducing-bandwidth-pvric https://github.com/UT-Security/gpu-zip https://news.ycombinator.com/item?id=37663159 https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack https://www.hertzbleed.com/gpu.zip https://www.her • CWE-203: Observable Discrepancy •