CVE-2024-0034
https://notcve.org/view.php?id=CVE-2024-0034
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En BackgroundLaunchProcessController, existe una forma posible de iniciar actividad arbitraria desde segundo plano debido a BAL Bypass. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6 https://source.android.com/security/bulletin/2024-02-01 •
CVE-2024-0033
https://notcve.org/view.php?id=CVE-2024-0033
In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En múltiples funciones de ashmem-dev.cpp, es posible que falte un sello debido a un ashmem-dev.cpp. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/native/+/aa98edf0ce9dde4886979658a459900ca987f193 https://android.googlesource.com/platform/system/core/+/46d46dc46446f14f26fbe8fb102dd36c1dfc1229 https://source.android.com/security/bulletin/2024-02-01 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-0032
https://notcve.org/view.php?id=CVE-2024-0032
In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. En queryChildDocuments de FileSystemProvider.java, existe una forma posible de solicitar acceso a directorios que deberían estar ocultos debido a una validación de entrada incorrecta. Esto podría conducir a una escalada local de privilegios con privilegios de ejecución del usuario necesarios. • https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7 https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394 https://source.android.com/security/bulletin/2024-02-01 • CWE-284: Improper Access Control •
CVE-2024-0031
https://notcve.org/view.php?id=CVE-2024-0031
In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. En attp_build_read_by_type_value_cmd de att_protocol.cc, existe una posible escritura fuera de los límites debido a una validación de entrada incorrecta. Esto podría conducir a la ejecución remota de código sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661 https://source.android.com/security/bulletin/2024-02-01 • CWE-20: Improper Input Validation •
CVE-2024-0030
https://notcve.org/view.php?id=CVE-2024-0030
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En btif_to_bta_response de btif_gatt_util.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d https://source.android.com/security/bulletin/2024-02-01 • CWE-125: Out-of-bounds Read •