
CVE-2024-43771
https://notcve.org/view.php?id=CVE-2024-43771
21 Jan 2025 — In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-43770
https://notcve.org/view.php?id=CVE-2024-43770
21 Jan 2025 — In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-43765
https://notcve.org/view.php?id=CVE-2024-43765
21 Jan 2025 — In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions

CVE-2024-43763
https://notcve.org/view.php?id=CVE-2024-43763
21 Jan 2025 — In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-43096
https://notcve.org/view.php?id=CVE-2024-43096
21 Jan 2025 — In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-787: Out-of-bounds Write

CVE-2024-43095
https://notcve.org/view.php?id=CVE-2024-43095
21 Jan 2025 — In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-203: Observable Discrepancy

CVE-2024-34730
https://notcve.org/view.php?id=CVE-2024-34730
21 Jan 2025 — In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions

CVE-2023-40132
https://notcve.org/view.php?id=CVE-2023-40132
21 Jan 2025 — In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-276: Incorrect Default Permissions

CVE-2023-40108
https://notcve.org/view.php?id=CVE-2023-40108
21 Jan 2025 — In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2025-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2024-43769
https://notcve.org/view.php?id=CVE-2024-43769
02 Jan 2025 — In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/619ffc299bf33566ba6daee8301ee0fc96e015f4 • CWE-276: Incorrect Default Permissions