Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation
- by nlqip
Multiple vulnerabilities have been discovered in Google Products that could allow for privilege escalation and remote code execution in the context of the affected component. Following the MITRE ATT&CK framework, exploitation of these vulnerabilities can be classified as follows:
Tactic: Privilege Escalation (TA0004):
Technique: Abuse Elevation Control Mechanism (T1548):
- Multiple vulnerabilities in Framework that could allow for elevation of privilege. (CVE-2023-20971, CVE-2023-21351, CVE-2024-34731, CVE-2024-34734, CVE-2024-34735, CVE-2024-34737, CVE-2024-34738, CVE-2024-34739, CVE-2024-34740, CVE-2024-34741, CVE-2024-34743)
- A vulnerability in Kernel that could allow for remote code execution. (CVE-2024-36971)
Additional lower severity vulnerabilities include:
- A vulnerability in Framework that could allow for information disclosure. (CVE-2024-34736)
- A vulnerability in Framework that could allow for denial of service. (CVE-2024-34742)
- A vulnerability in System that could allow for information disclosure. (CVE-2024-34727)
- Multiple vulnerabilities in Arm components. (CVE-2024-2937, CVE-2024-4607)
- A vulnerability in MediaTek components. (CVE-2024-20082)
- Multiple vulnerabilities in Qualcomm components. (CVE-2024-21478, CVE-2024-23381, CVE-2024-23382, CVE-2024-23383, CVE-2024-23384, CVE-2024-33010, CVE-2024-33011, CVE-2024-33012, CVE-2024-33013, CVE-2024-33014, CVE-2024-33015, CVE-2024-33018, CVE-2024-33019, CVE-2024-33020, CVE-2024-33023, CVE-2024-33024, CVE-2024-33025, CVE-2024-33026, CVE-2024-33027, CVE-2024-33028)
Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation and remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
Source link
lol
Multiple vulnerabilities have been discovered in Google Products that could allow for privilege escalation and remote code execution in the context of the affected component. Following the MITRE ATT&CK framework, exploitation of these vulnerabilities can be classified as follows: Tactic: Privilege Escalation (TA0004): Technique: Abuse Elevation Control Mechanism (T1548): Multiple vulnerabilities in Framework that could…
Recent Posts
- A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- Xerox To Buy Lexmark For $1.5B In Blockbuster Print Deal
- Vulnerability Summary for the Week of December 16, 2024 | CISA
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict