CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53840
https://notcve.org/view.php?id=CVE-2024-53840
03 Jan 2025 — there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53839
https://notcve.org/view.php?id=CVE-2024-53839
03 Jan 2025 — In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53838
https://notcve.org/view.php?id=CVE-2024-53838
03 Jan 2025 — In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53837
https://notcve.org/view.php?id=CVE-2024-53837
03 Jan 2025 — In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53836
https://notcve.org/view.php?id=CVE-2024-53836
03 Jan 2025 — In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53835
https://notcve.org/view.php?id=CVE-2024-53835
03 Jan 2025 — there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53834
https://notcve.org/view.php?id=CVE-2024-53834
03 Jan 2025 — In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53833
https://notcve.org/view.php?id=CVE-2024-53833
03 Jan 2025 — In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47032
https://notcve.org/view.php?id=CVE-2024-47032
03 Jan 2025 — In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11624
https://notcve.org/view.php?id=CVE-2024-11624
03 Jan 2025 — there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-276: Incorrect Default Permissions •