All the vulnerabilites related to google - pixel_6
Vulnerability from fkie_nvd
Published
2023-12-08 06:15
Modified
2024-12-12 14:33
Severity ?
Summary
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 4.2.2 | ||
| bluproducts | dash | 3.5 | |
| android | 6.0.1 | ||
| nexus_5 | - | ||
| android | 10.0 | ||
| android | 11.0 | ||
| pixel_2 | - | ||
| android | 13.0 | ||
| pixel_4a | - | ||
| pixel_6 | - | ||
| android | 14.0 | ||
| pixel_7 | - | ||
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 22.04 | |
| canonical | ubuntu_linux | 23.10 | |
| apple | iphone_os | 16.6 | |
| apple | iphone_se | - | |
| apple | macos | 12.6.7 | |
| apple | macbook_air | 2017 | |
| apple | macos | 13.3.3 | |
| apple | macbook_pro | m2 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | macos | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bluproducts:dash:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "025AACE2-2B3F-4ACD-B187-22ED8CDF8BAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DB8689-116F-49B5-91F5-BCBA8854BD42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*",
"matchCriteriaId": "652F5027-4436-458C-84FD-7AD89B489BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "602CE21C-E1A9-4407-A504-CF4E58F596F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "705DA51B-6A6E-422D-9A22-0DB86836EA0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone_se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91A20702-427E-4876-9DEE-E244F39A2E79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:12.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15DDFC77-1ACB-4092-A1C3-623DE3CC980C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_air:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "B649B9E4-91D9-4712-8E2A-9246E17D19CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:13.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CECFF66D-DDF3-4492-85BE-79B57E7AAE9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_pro:m2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C6A9E0-6DDD-4E64-97B0-47C69A865C0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4117208-4072-4F4C-AC42-97683B6F8FF5",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
},
{
"lang": "es",
"value": "Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con funci\u00f3n perif\u00e9rica no autenticada inicie y establezca una conexi\u00f3n cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyecci\u00f3n de mensajes HID cuando no se ha producido ninguna interacci\u00f3n del usuario en la funci\u00f3n central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. NOTA: en algunos casos, una mitigaci\u00f3n CVE-2020-0556 ya habr\u00eda solucionado este problema de hosts HID Bluetooth."
}
],
"id": "CVE-2023-45866",
"lastModified": "2024-12-12T14:33:00.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-08T06:15:45.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://bluetooth.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://bluetooth.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2023/dsa-5584"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-27 15:19
Modified
2024-11-21 08:25
Severity ?
Summary
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 22.04 | |
| amd | ryzen_7_4800u | - | |
| intel | core_i7-10510u | - | |
| intel | core_i7-12700k | - | |
| intel | core_i7-8700 | - | |
| microsoft | windows_11 | - | |
| intel | core_i7-10610u | - | |
| microsoft | windows_11 | - | |
| intel | core_i7-11800h | - | |
| nvidia | geforce_rtx_3060 | - | |
| microsoft | windows_10 | - | |
| amd | ryzen_5_7600x | - | |
| nvidia | geforce_rtx_2080_super | - | |
| apple | macos | 13.1 | |
| apple | m1_mac_mini | - | |
| android | 13.0 | ||
| pixel_6 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_7_4800u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1E9A6F-7339-4679-B83B-87BC1BEEFA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7-10510u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "494A828B-F2BF-40CA-AAFB-7D2AF2BAF3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7-12700k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF502AE-BD3F-461B-9476-FB04818DA1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7-8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04076FFA-D74F-4501-9921-D8EBDF97CD20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:professional:*:*:*",
"matchCriteriaId": "45ED814C-867A-4365-BE5F-4139DF1A60F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:core_i7-10610u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D974FFFD-BBCC-444C-9EF1-AE478EEDB6E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:home:*:*:*",
"matchCriteriaId": "BA83E0AD-5158-4BE3-9DF7-1803D4E70292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:core_i7-11800h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FDB568-5340-4DD8-B933-1CD64C370BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_rtx_3060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBCF01F-EA62-4733-9E6D-E72439C4B65A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:pro:*:*:*",
"matchCriteriaId": "4F43060F-72D2-4417-A495-49D62044EC8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C05D51F-469D-487D-9FC8-E1AD699A6F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nvidia:geforce_rtx_2080_super:-:*:*:*:*:*:*:*",
"matchCriteriaId": "633AB383-A5D6-4F0F-A973-FE777117A856",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D95E6469-A678-47A5-A162-259FE0325CA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:m1_mac_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F186A650-BC3B-4D43-B177-DC98BFD82DD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin."
},
{
"lang": "es",
"value": "PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresi\u00f3n transparente por software que permite ataques de robo de p\u00edxeles de origen cruzado contra feTurbulence y feBlend en la especificaci\u00f3n del filtro SVG, tambi\u00e9n conocido como un problema GPU.zip. Por ejemplo, los atacantes a veces pueden determinar con precisi\u00f3n el texto contenido en una p\u00e1gina web de un origen si controlan un recurso de un origen diferente."
}
],
"id": "CVE-2023-44216",
"lastModified": "2024-11-21T08:25:27.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-27T15:19:39.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://blog.imaginationtech.com/reducing-bandwidth-pvric/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/UT-Security/gpu-zip"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37663159"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://www.hertzbleed.com/gpu.zip/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.w3.org/TR/filter-effects-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://blog.imaginationtech.com/reducing-bandwidth-pvric/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/UT-Security/gpu-zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37663159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://www.hertzbleed.com/gpu.zip/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.w3.org/TR/filter-effects-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 21:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente ABL, A-331966488."
}
],
"id": "CVE-2024-47020",
"lastModified": "2024-10-28T21:35:17.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.843",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 21:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente ACPM, A-331255656."
}
],
"id": "CVE-2024-47022",
"lastModified": "2024-10-28T21:35:18.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.950",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-25 11:15
Modified
2024-10-28 13:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| dsap-vuln-management@google.com | https://source.android.com/security/bulletin/pixel/2024-10-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| pixel | - | ||
| pixel_2 | - | ||
| pixel_2_xl | - | ||
| pixel_3 | - | ||
| pixel_3_xl | - | ||
| pixel_3a | - | ||
| pixel_3a_xl | - | ||
| pixel_4 | - | ||
| pixel_4_xl | - | ||
| pixel_4a | - | ||
| pixel_4a_5g | - | ||
| pixel_5 | - | ||
| pixel_5a | - | ||
| pixel_6 | - | ||
| pixel_6_pro | - | ||
| pixel_6a | - | ||
| pixel_7 | - | ||
| pixel_7_pro | - | ||
| pixel_7a | - | ||
| pixel_8 | - | ||
| pixel_8_pro | - | ||
| pixel_8a | - | ||
| pixel_9 | - | ||
| pixel_9_pro | - | ||
| pixel_9_pro_fold | - | ||
| pixel_c | - | ||
| pixel_fold | - | ||
| pixel_pro_xl | - | ||
| pixel_slate | - | ||
| pixel_tablet | - | ||
| pixel_xl | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1716AE3-39FD-430C-9B82-FDDEB29775B8",
"versionEndExcluding": "2024-10-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_2_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F1BE2A-DC55-4AC2-8272-FC793CB93B48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B55D72-61F8-4957-9C3D-8009C6966F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "128E8B67-E19C-4C1A-B7FB-081ACDB243C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56191C-4FF1-4309-9169-AA83CF2F23F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_3a_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59B24F-5624-4BCB-985A-2CC9987EA69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EFE6CB-CAFD-4F38-8548-A19A0FBFECC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BF63E4-BD56-40F9-AA33-5EB5D1D2A7BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_4a_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3936C02-6FC1-4B53-A54E-C49DBEFBC17A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3393-1034-4812-A091-D753EDA59E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_5a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD673E4-9A74-4029-9E99-F741711A529C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDD7EC-7E2D-4703-9CE8-8B2422146F6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99FFC9C6-24A6-4479-8DA1-93DA62C89048",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23904900-3001-4EA1-9A6C-C8F7EB2D3C42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_7a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EE811-A472-4509-A52F-34EE65FEDE7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7669A258-53B3-4599-B304-A99C47278583",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E43578F-1598-4343-AC12-B71DE4E33C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_8a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF365A22-58DA-4D98-ADF0-FFD566BD62B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7038F-BF44-45ED-8C35-6DD98D72A043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0889AF-7B08-42CE-A721-87D99B9F27CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_9_pro_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3485B56E-3A9C-4960-B58E-CE5291BD66CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9526852E-8BF4-42AA-A9BC-84FEC564B871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_fold:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05242EED-D230-4968-A0B1-1472D6D645D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_pro_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EF14B-06EF-4229-8364-7049A6E53D32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_slate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A412160-3367-4945-BD00-A0D730C271CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831D6339-087B-4CFA-9AF7-FBE6FB5F7E00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545."
},
{
"lang": "es",
"value": "Android anterior al 2024-10-05 en los dispositivos Google Pixel permite la divulgaci\u00f3n de informaci\u00f3n en el componente del m\u00f3dem, A-299774545."
}
],
"id": "CVE-2024-44100",
"lastModified": "2024-10-28T13:50:50.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-25T11:15:16.293",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
cve-2024-44100
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-25 18:46
Severity ?
EPSS score ?
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "android_kernel"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:43:22.487800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:46:51.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-44100",
"datePublished": "2024-10-25T10:34:03.553Z",
"dateReserved": "2024-08-19T16:32:38.651Z",
"dateUpdated": "2024-10-25T18:46:51.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44216
Vulnerability from cvelistv5
Published
2023-09-26 00:00
Modified
2024-09-24 18:11
Severity ?
EPSS score ?
Summary
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hertzbleed.com/gpu.zip/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/UT-Security/gpu-zip"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.w3.org/TR/filter-effects-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.imaginationtech.com/reducing-bandwidth-pvric/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37663159"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:imaginationtech:powervr-gpu:2018:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "powervr-gpu",
"vendor": "imaginationtech",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "2018",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44216",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:09:12.068667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:11:55.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T04:46:57.617853",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.hertzbleed.com/gpu.zip/"
},
{
"url": "https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf"
},
{
"url": "https://github.com/UT-Security/gpu-zip"
},
{
"url": "https://www.w3.org/TR/filter-effects-1/"
},
{
"url": "https://blog.imaginationtech.com/reducing-bandwidth-pvric/"
},
{
"url": "https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/"
},
{
"url": "https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/"
},
{
"url": "https://news.ycombinator.com/item?id=37663159"
},
{
"url": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-44216",
"datePublished": "2023-09-26T00:00:00",
"dateReserved": "2023-09-26T00:00:00",
"dateUpdated": "2024-09-24T18:11:55.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47022
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-28 20:17
Severity ?
EPSS score ?
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:google:pixel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pixel",
"vendor": "google",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T17:19:59.091043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:17:19.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-47022",
"datePublished": "2024-10-25T10:34:05.677Z",
"dateReserved": "2024-09-16T19:14:14.859Z",
"dateUpdated": "2024-10-28T20:17:19.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45866
Vulnerability from cvelistv5
Published
2023-12-08 00:00
Modified
2024-08-02 20:29
Severity ?
EPSS score ?
Summary
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bluetooth.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T13:06:14.377607",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bluetooth.com"
},
{
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"url": "https://support.apple.com/kb/HT214036"
},
{
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-03"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45866",
"datePublished": "2023-12-08T00:00:00",
"dateReserved": "2023-10-14T00:00:00",
"dateUpdated": "2024-08-02T20:29:32.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47020
Vulnerability from cvelistv5
Published
2024-10-25 10:34
Modified
2024-10-28 20:19
Severity ?
EPSS score ?
Summary
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T17:20:32.373490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:19:11.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:37:00.000Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-47020",
"datePublished": "2024-10-25T10:34:05.317Z",
"dateReserved": "2024-09-16T18:51:44.743Z",
"dateUpdated": "2024-10-28T20:19:11.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}