All the vulnerabilites related to google - pixel_2
cve-2023-45866
Vulnerability from cvelistv5
Published
2023-12-08 00:00
Modified
2024-08-02 20:29
Severity ?
EPSS score ?
Summary
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bluetooth.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T13:06:14.377607",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bluetooth.com"
},
{
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"url": "https://support.apple.com/kb/HT214036"
},
{
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-03"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45866",
"datePublished": "2023-12-08T00:00:00",
"dateReserved": "2023-10-14T00:00:00",
"dateUpdated": "2024-08-02T20:29:32.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44100
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-25 18:46
Severity ?
EPSS score ?
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "android_kernel"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:43:22.487800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:46:51.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-44100",
"datePublished": "2024-10-25T10:34:03.553Z",
"dateReserved": "2024-08-19T16:32:38.651Z",
"dateUpdated": "2024-10-25T18:46:51.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47022
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-28 20:17
Severity ?
EPSS score ?
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:google:pixel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pixel",
"vendor": "google",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T17:19:59.091043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:17:19.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-47022",
"datePublished": "2024-10-25T10:34:05.677Z",
"dateReserved": "2024-09-16T19:14:14.859Z",
"dateUpdated": "2024-10-28T20:17:19.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47020
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-28 20:19
Severity ?
EPSS score ?
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T17:20:32.373490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:19:11.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-47020",
"datePublished": "2024-10-25T10:34:05.317Z",
"dateReserved": "2024-09-16T18:51:44.743Z",
"dateUpdated": "2024-10-28T20:19:11.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 21:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente ACPM, A-331255656."
}
],
"id": "CVE-2024-47022",
"lastModified": "2024-10-28T21:35:18.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.950",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 13:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente del m\u00f3dem, A-299774545."
}
],
"id": "CVE-2024-44100",
"lastModified": "2024-10-28T13:50:50.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.293",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-08 06:15
Modified
2024-12-12 14:33
Severity ?
Summary
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 4.2.2 | ||
| bluproducts | dash | 3.5 | |
| android | 6.0.1 | ||
| nexus_5 | - | ||
| android | 10.0 | ||
| android | 11.0 | ||
| pixel_2 | - | ||
| android | 13.0 | ||
| pixel_4a | - | ||
| pixel_6 | - | ||
| android | 14.0 | ||
| pixel_7 | - | ||
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 22.04 | |
| canonical | ubuntu_linux | 23.10 | |
| apple | iphone_os | 16.6 | |
| apple | iphone_se | - | |
| apple | macos | 12.6.7 | |
| apple | macbook_air | 2017 | |
| apple | macos | 13.3.3 | |
| apple | macbook_pro | m2 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | macos | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bluproducts:dash:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "025AACE2-2B3F-4ACD-B187-22ED8CDF8BAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DB8689-116F-49B5-91F5-BCBA8854BD42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*",
"matchCriteriaId": "652F5027-4436-458C-84FD-7AD89B489BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "602CE21C-E1A9-4407-A504-CF4E58F596F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "705DA51B-6A6E-422D-9A22-0DB86836EA0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone_se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91A20702-427E-4876-9DEE-E244F39A2E79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:12.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15DDFC77-1ACB-4092-A1C3-623DE3CC980C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_air:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "B649B9E4-91D9-4712-8E2A-9246E17D19CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:13.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CECFF66D-DDF3-4492-85BE-79B57E7AAE9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_pro:m2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C6A9E0-6DDD-4E64-97B0-47C69A865C0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4117208-4072-4F4C-AC42-97683B6F8FF5",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
},
{
"lang": "es",
"value": "Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con funci\u00f3n perif\u00e9rica no autenticada inicie y establezca una conexi\u00f3n cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyecci\u00f3n de mensajes HID cuando no se ha producido ninguna interacci\u00f3n del usuario en la funci\u00f3n central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. NOTA: en algunos casos, una mitigaci\u00f3n CVE-2020-0556 ya habr\u00eda solucionado este problema de hosts HID Bluetooth."
}
],
"id": "CVE-2023-45866",
"lastModified": "2024-12-12T14:33:00.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-08T06:15:45.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://bluetooth.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://bluetooth.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2023/dsa-5584"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 21:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente ABL, A-331966488."
}
],
"id": "CVE-2024-47020",
"lastModified": "2024-10-28T21:35:17.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.843",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}