CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47017
https://notcve.org/view.php?id=CVE-2024-47017
In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47016
https://notcve.org/view.php?id=CVE-2024-47016
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47015
https://notcve.org/view.php?id=CVE-2024-47015
In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47014
https://notcve.org/view.php?id=CVE-2024-47014
N/A Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47013
https://notcve.org/view.php?id=CVE-2024-47013
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-276: Incorrect Default Permissions •