Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-0015 (GCVE-0-2025-0015)
Vulnerability from cvelistv5 – Published: 2025-02-03 10:21 – Updated: 2025-02-03 15:49
VLAI?
EPSS
Summary
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Arm Ltd | Valhall GPU Kernel Driver |
Affected:
r48p0 , ≤ r49p1
(patch)
Affected: r50p0 , ≤ r52p0 (patch) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T15:48:21.279663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T15:49:50.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Valhall GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p2",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p1",
"status": "affected",
"version": "r48p0",
"versionType": "patch"
},
{
"changes": [
{
"at": "r53p0",
"status": "unaffected"
}
],
"lessThanOrEqual": "r52p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Arm 5th Gen GPU Architecture Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "r49p2",
"status": "unaffected"
}
],
"lessThanOrEqual": "r49p1",
"status": "affected",
"version": "r48p0",
"versionType": "patch"
},
{
"changes": [
{
"at": "r53p0",
"status": "unaffected"
}
],
"lessThanOrEqual": "r52p0",
"status": "affected",
"version": "r50p0",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-02-03T09:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.\u003cp\u003eThis issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T10:21:12.696Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in the Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p2 and r53p0. Users are recommended to upgrade if they are impacted by this issue. \u003cbr\u003e"
}
],
"value": "This issue is fixed in the Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p2 and r53p0. Users are recommended to upgrade if they are impacted by this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mali GPU Kernel Driver allows improper GPU processing operations",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2025-0015",
"datePublished": "2025-02-03T10:21:12.696Z",
"dateReserved": "2024-10-17T15:12:32.433Z",
"dateUpdated": "2025-02-03T15:49:50.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-0015\",\"sourceIdentifier\":\"arm-security@arm.com\",\"published\":\"2025-02-03T11:15:09.807\",\"lastModified\":\"2025-02-03T16:15:33.770\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad Use After Free en el controlador del kernel de GPU Valhall de Arm Ltd. El controlador del kernel de la arquitectura de GPU de quinta generaci\u00f3n de Arm Ltd permite que un proceso de usuario local sin privilegios realice operaciones de procesamiento de GPU inapropiadas para obtener acceso a la memoria ya liberada. Este problema afecta al controlador del kernel de GPU Valhall: de r48p0 a r49p1, de r50p0 a r52p0; controlador del kernel de la arquitectura de GPU de quinta generaci\u00f3n de Arm: de r48p0 a r49p1, de r50p0 a r52p0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"arm-security@arm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities\",\"source\":\"arm-security@arm.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0015\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-03T15:48:21.279663Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T15:48:57.153Z\"}}], \"cna\": {\"title\": \"Mali GPU Kernel Driver allows improper GPU processing operations\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Arm Ltd\", \"product\": \"Valhall GPU Kernel Driver\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"r49p2\", \"status\": \"unaffected\"}], \"version\": \"r48p0\", \"versionType\": \"patch\", \"lessThanOrEqual\": \"r49p1\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"r53p0\", \"status\": \"unaffected\"}], \"version\": \"r50p0\", \"versionType\": \"patch\", \"lessThanOrEqual\": \"r52p0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Arm Ltd\", \"product\": \"Arm 5th Gen GPU Architecture Kernel Driver\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"r49p2\", \"status\": \"unaffected\"}], \"version\": \"r48p0\", \"versionType\": \"patch\", \"lessThanOrEqual\": \"r49p1\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"r53p0\", \"status\": \"unaffected\"}], \"version\": \"r50p0\", \"versionType\": \"patch\", \"lessThanOrEqual\": \"r52p0\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This issue is fixed in the Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p2 and r53p0. Users are recommended to upgrade if they are impacted by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"This issue is fixed in the Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p2 and r53p0. Users are recommended to upgrade if they are impacted by this issue. \u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-02-03T09:30:00.000Z\", \"references\": [{\"url\": \"https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.\u003cp\u003eThis issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"56a131ea-b967-4a0d-a41e-5f3549952846\", \"shortName\": \"Arm\", \"dateUpdated\": \"2025-02-03T10:21:12.696Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-0015\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-03T15:49:50.132Z\", \"dateReserved\": \"2024-10-17T15:12:32.433Z\", \"assignerOrgId\": \"56a131ea-b967-4a0d-a41e-5f3549952846\", \"datePublished\": \"2025-02-03T10:21:12.696Z\", \"assignerShortName\": \"Arm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
NCSC-2025-0039
Vulnerability from csaf_ncscnl - Published: 2025-02-04 09:13 - Updated: 2025-02-04 09:13Summary
Kwetsbaarheden verholpen in Google Android en Samsung Mobile
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Google heeft kwetsbaarheden verholpen in Android. In deze update zijn ook updates meegenomen voor closed-source componenten van Qualcomm, Imagination Technologies, Unisoc en MediaTek.
Samsung heeft kwetsbaarheden in Samsung Mobile verholpen die relevant zijn voor Samsung mobile devices.
Interpretaties
De kwetsbaarheden omvatten onder andere lokale informatie openbaarmaking door ongeautoriseerde toegang tot afbeeldingen van andere gebruikers, en een gebrek aan juiste privilegebeheer dat kan leiden tot ongeautoriseerde toegang en controle over apparaten. Deze kwetsbaarheden kunnen worden misbruikt zonder dat er extra uitvoeringsprivileges of gebruikersinteractie nodig zijn, wat de impact op de privacy en gegevensintegriteit van gebruikers aanzienlijk vergroot.
Oplossingen
Google heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Android 12,13,14 en 15.
Samsung heeft updates uitgebracht om kwetsbaarheden die relevant zijn voor Samsung Mobile devices te verhelpen.
Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-123
Write-what-where Condition
CWE-922
Insecure Storage of Sensitive Information
CWE-126
Buffer Over-read
CWE-823
Use of Out-of-range Pointer Offset
CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE-129
Improper Validation of Array Index
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-862
Missing Authorization
CWE-416
Use After Free
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Google heeft kwetsbaarheden verholpen in Android. In deze update zijn ook updates meegenomen voor closed-source componenten van Qualcomm, Imagination Technologies, Unisoc en MediaTek.\n\nSamsung heeft kwetsbaarheden in Samsung Mobile verholpen die relevant zijn voor Samsung mobile devices.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere lokale informatie openbaarmaking door ongeautoriseerde toegang tot afbeeldingen van andere gebruikers, en een gebrek aan juiste privilegebeheer dat kan leiden tot ongeautoriseerde toegang en controle over apparaten. Deze kwetsbaarheden kunnen worden misbruikt zonder dat er extra uitvoeringsprivileges of gebruikersinteractie nodig zijn, wat de impact op de privacy en gegevensintegriteit van gebruikers aanzienlijk vergroot.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Google heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Android 12,13,14 en 15.\n\nSamsung heeft updates uitgebracht om kwetsbaarheden die relevant zijn voor Samsung Mobile devices te verhelpen.\n\nZie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "general",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "general",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=02"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://source.android.com/docs/security/bulletin/2025-02-01"
}
],
"title": "Kwetsbaarheden verholpen in Google Android en Samsung Mobile",
"tracking": {
"current_release_date": "2025-02-04T09:13:08.342699Z",
"id": "NCSC-2025-0039",
"initial_release_date": "2025-02-04T09:13:08.342699Z",
"revision_history": [
{
"date": "2025-02-04T09:13:08.342699Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "android",
"product": {
"name": "android",
"product_id": "CSAFPID-517514",
"product_identification_helper": {
"cpe": "cpe:2.3:a:google:android:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "android",
"product": {
"name": "android",
"product_id": "CSAFPID-1463888",
"product_identification_helper": {
"cpe": "cpe:2.3:a:google:android:12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "android",
"product": {
"name": "android",
"product_id": "CSAFPID-1463887",
"product_identification_helper": {
"cpe": "cpe:2.3:a:google:android:12l:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "android",
"product": {
"name": "android",
"product_id": "CSAFPID-1463886",
"product_identification_helper": {
"cpe": "cpe:2.3:a:google:android:13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "android",
"product": {
"name": "android",
"product_id": "CSAFPID-1463885",
"product_identification_helper": {
"cpe": "cpe:2.3:a:google:android:14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "android",
"product": {
"name": "android",
"product_id": "CSAFPID-1757322",
"product_identification_helper": {
"cpe": "cpe:2.3:a:google:android:15:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "google"
},
{
"branches": [
{
"category": "product_name",
"name": "samsung_mobile_devices",
"product": {
"name": "samsung_mobile_devices",
"product_id": "CSAFPID-1725746",
"product_identification_helper": {
"cpe": "cpe:2.3:a:samsung_mobile:samsung_mobile_devices:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "samsung_mobile"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40122",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2023-40122"
},
{
"cve": "CVE-2023-40133",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40133",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2023-40133"
},
{
"cve": "CVE-2023-40134",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40134",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40134.json"
}
],
"title": "CVE-2023-40134"
},
{
"cve": "CVE-2023-40135",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40135",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40135.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2023-40135"
},
{
"cve": "CVE-2023-40136",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40136",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40136.json"
}
],
"title": "CVE-2023-40136"
},
{
"cve": "CVE-2023-40137",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40137",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40137.json"
}
],
"title": "CVE-2023-40137"
},
{
"cve": "CVE-2023-40138",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40138.json"
}
],
"title": "CVE-2023-40138"
},
{
"cve": "CVE-2023-40139",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40139",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40139.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2023-40139"
},
{
"cve": "CVE-2024-0037",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "other",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0037",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0037.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-0037"
},
{
"cve": "CVE-2024-20141",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"notes": [
{
"category": "other",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-20141",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-20141.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-20141"
},
{
"cve": "CVE-2024-20142",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-20142",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-20142.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-20142"
},
{
"cve": "CVE-2024-38404",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38404",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38404.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-38404"
},
{
"cve": "CVE-2024-38420",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38420",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38420.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-38420"
},
{
"cve": "CVE-2024-39441",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39441",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39441.json"
}
],
"title": "CVE-2024-39441"
},
{
"cve": "CVE-2024-43705",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43705",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43705.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-43705"
},
{
"cve": "CVE-2024-45569",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45569",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45569.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-45569"
},
{
"cve": "CVE-2024-45571",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45571",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-45571"
},
{
"cve": "CVE-2024-45582",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45582",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45582.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-45582"
},
{
"cve": "CVE-2024-46973",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46973",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46973.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-46973"
},
{
"cve": "CVE-2024-47892",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47892",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47892.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-47892"
},
{
"cve": "CVE-2024-49721",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49721",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49721.json"
}
],
"title": "CVE-2024-49721"
},
{
"cve": "CVE-2024-49723",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49723",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49723.json"
}
],
"title": "CVE-2024-49723"
},
{
"cve": "CVE-2024-49729",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49729",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49729.json"
}
],
"title": "CVE-2024-49729"
},
{
"cve": "CVE-2024-49741",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49741",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49741.json"
}
],
"title": "CVE-2024-49741"
},
{
"cve": "CVE-2024-49743",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49743",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49743.json"
}
],
"title": "CVE-2024-49743"
},
{
"cve": "CVE-2024-49746",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49746",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49746.json"
}
],
"title": "CVE-2024-49746"
},
{
"cve": "CVE-2024-49832",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49832",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49832.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-49832"
},
{
"cve": "CVE-2024-49833",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49833",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49833.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-49833"
},
{
"cve": "CVE-2024-49834",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49834",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49834.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-49834"
},
{
"cve": "CVE-2024-49839",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49839",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49839.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-49839"
},
{
"cve": "CVE-2024-49843",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49843",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49843.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-49843"
},
{
"cve": "CVE-2024-52935",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "other",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52935",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52935.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-52935"
},
{
"cve": "CVE-2024-53104",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53104",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53104.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2024-53104"
},
{
"cve": "CVE-2025-0015",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0015",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0015.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2025-0015"
},
{
"cve": "CVE-2025-0088",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0088",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0088.json"
}
],
"title": "CVE-2025-0088"
},
{
"cve": "CVE-2025-0091",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0091",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0091.json"
}
],
"title": "CVE-2025-0091"
},
{
"cve": "CVE-2025-0094",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0094",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0094.json"
}
],
"title": "CVE-2025-0094"
},
{
"cve": "CVE-2025-0095",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0095",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0095.json"
}
],
"title": "CVE-2025-0095"
},
{
"cve": "CVE-2025-0096",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0096",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0096.json"
}
],
"title": "CVE-2025-0096"
},
{
"cve": "CVE-2025-0097",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0097",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0097.json"
}
],
"title": "CVE-2025-0097"
},
{
"cve": "CVE-2025-0098",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0098",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0098.json"
}
],
"title": "CVE-2025-0098"
},
{
"cve": "CVE-2025-0099",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0099",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0099.json"
}
],
"title": "CVE-2025-0099"
},
{
"cve": "CVE-2025-0100",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0100",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0100.json"
}
],
"title": "CVE-2025-0100"
},
{
"cve": "CVE-2025-20634",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20634",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20634.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2025-20634"
},
{
"cve": "CVE-2025-20635",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20635",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20635.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2025-20635"
},
{
"cve": "CVE-2025-20636",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20636",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20636.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2025-20636"
},
{
"cve": "CVE-2025-20904",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20904",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20904.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2025-20904"
},
{
"cve": "CVE-2025-20905",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20905",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20905.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2025-20905"
},
{
"cve": "CVE-2025-20906",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20906",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2025-20906"
},
{
"cve": "CVE-2025-20907",
"product_status": {
"known_affected": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20907",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20907.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-517514",
"CSAFPID-1463888",
"CSAFPID-1463887",
"CSAFPID-1463886",
"CSAFPID-1463885",
"CSAFPID-1757322",
"CSAFPID-1725746"
]
}
],
"title": "CVE-2025-20907"
}
]
}
WID-SEC-W-2025-0251
Vulnerability from csaf_certbund - Published: 2025-02-03 23:00 - Updated: 2025-02-03 23:00Summary
Google Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen,, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Android
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen,, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Android",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0251 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0251.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0251 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0251"
},
{
"category": "external",
"summary": "Android Patchday Februar 2025 vom 2025-02-03",
"url": "https://source.android.com/docs/security/bulletin/2025-02-01"
},
{
"category": "external",
"summary": "Artikel auf BleepingComputer",
"url": "https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-attacks/"
}
],
"source_lang": "en-US",
"title": "Google Android: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-02-03T23:00:00.000+00:00",
"generator": {
"date": "2025-02-04T10:15:03.837+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2025-0251",
"initial_release_date": "2025-02-03T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-03T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12",
"product": {
"name": "Google Android 12",
"product_id": "T040744",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:12"
}
}
},
{
"category": "product_version",
"name": "12L",
"product": {
"name": "Google Android 12L",
"product_id": "T040745",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:12l"
}
}
},
{
"category": "product_version",
"name": "13",
"product": {
"name": "Google Android 13",
"product_id": "T040746",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:13"
}
}
},
{
"category": "product_version",
"name": "14",
"product": {
"name": "Google Android 14",
"product_id": "T040747",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:14"
}
}
},
{
"category": "product_version",
"name": "15",
"product": {
"name": "Google Android 15",
"product_id": "T040748",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:15"
}
}
}
],
"category": "product_name",
"name": "Android"
}
],
"category": "vendor",
"name": "Google"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40122",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2023-40122"
},
{
"cve": "CVE-2023-40133",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2023-40133"
},
{
"cve": "CVE-2023-40134",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2023-40134"
},
{
"cve": "CVE-2023-40135",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2023-40135"
},
{
"cve": "CVE-2023-40136",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2023-40136"
},
{
"cve": "CVE-2023-40137",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2023-40137"
},
{
"cve": "CVE-2023-40138",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2023-40138"
},
{
"cve": "CVE-2023-40139",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2023-40139"
},
{
"cve": "CVE-2024-0037",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-0037"
},
{
"cve": "CVE-2024-20141",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-20141"
},
{
"cve": "CVE-2024-20142",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-20142"
},
{
"cve": "CVE-2024-38404",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-38404"
},
{
"cve": "CVE-2024-38420",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-38420"
},
{
"cve": "CVE-2024-39441",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-39441"
},
{
"cve": "CVE-2024-43705",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-43705"
},
{
"cve": "CVE-2024-45569",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-45569"
},
{
"cve": "CVE-2024-45571",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-45571"
},
{
"cve": "CVE-2024-45582",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-45582"
},
{
"cve": "CVE-2024-46973",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-46973"
},
{
"cve": "CVE-2024-47892",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-47892"
},
{
"cve": "CVE-2024-49721",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49721"
},
{
"cve": "CVE-2024-49723",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49723"
},
{
"cve": "CVE-2024-49729",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49729"
},
{
"cve": "CVE-2024-49741",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49741"
},
{
"cve": "CVE-2024-49743",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49743"
},
{
"cve": "CVE-2024-49746",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49746"
},
{
"cve": "CVE-2024-49832",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49832"
},
{
"cve": "CVE-2024-49833",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49833"
},
{
"cve": "CVE-2024-49834",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49834"
},
{
"cve": "CVE-2024-49839",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49839"
},
{
"cve": "CVE-2024-49843",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-49843"
},
{
"cve": "CVE-2024-52935",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-52935"
},
{
"cve": "CVE-2024-53104",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2024-53104"
},
{
"cve": "CVE-2025-0015",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0015"
},
{
"cve": "CVE-2025-0088",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0088"
},
{
"cve": "CVE-2025-0091",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0091"
},
{
"cve": "CVE-2025-0094",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0094"
},
{
"cve": "CVE-2025-0095",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0095"
},
{
"cve": "CVE-2025-0096",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0096"
},
{
"cve": "CVE-2025-0097",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0097"
},
{
"cve": "CVE-2025-0098",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0098"
},
{
"cve": "CVE-2025-0099",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0099"
},
{
"cve": "CVE-2025-0100",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-0100"
},
{
"cve": "CVE-2025-20634",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-20634"
},
{
"cve": "CVE-2025-20635",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-20635"
},
{
"cve": "CVE-2025-20636",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Schwachstellen bestehen in mehreren Komponenten, darunter das Framework, das System, die Plattform, Google Play und die Arm-Komponenten, unter anderem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T040748",
"T040747",
"T040746",
"T040745",
"T040744"
]
},
"release_date": "2025-02-03T23:00:00.000+00:00",
"title": "CVE-2025-20636"
}
]
}
CERTFR-2025-AVI-0091
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Google indique que la vulnérabilité CVE-2024-53104 est activement exploitée dans le cadre d'attaques ciblées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android versions 12, 12L, 13, 14 et 15 sans le correctif de s\u00e9curit\u00e9 du 3 f\u00e9vrier 2025",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0094"
},
{
"name": "CVE-2024-49721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49721"
},
{
"name": "CVE-2024-49723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49723"
},
{
"name": "CVE-2024-49839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49839"
},
{
"name": "CVE-2024-49746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49746"
},
{
"name": "CVE-2023-40136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40136"
},
{
"name": "CVE-2025-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0015"
},
{
"name": "CVE-2024-47892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47892"
},
{
"name": "CVE-2024-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45582"
},
{
"name": "CVE-2023-40138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40138"
},
{
"name": "CVE-2023-40135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40135"
},
{
"name": "CVE-2024-49843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49843"
},
{
"name": "CVE-2023-40139",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40139"
},
{
"name": "CVE-2023-40122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40122"
},
{
"name": "CVE-2025-0088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0088"
},
{
"name": "CVE-2024-49832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49832"
},
{
"name": "CVE-2024-49729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49729"
},
{
"name": "CVE-2025-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20635"
},
{
"name": "CVE-2025-0097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0097"
},
{
"name": "CVE-2025-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0091"
},
{
"name": "CVE-2024-49743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49743"
},
{
"name": "CVE-2024-52935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52935"
},
{
"name": "CVE-2024-46973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46973"
},
{
"name": "CVE-2024-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20141"
},
{
"name": "CVE-2024-39441",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39441"
},
{
"name": "CVE-2023-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40134"
},
{
"name": "CVE-2024-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0037"
},
{
"name": "CVE-2024-45571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45571"
},
{
"name": "CVE-2024-45569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45569"
},
{
"name": "CVE-2025-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0096"
},
{
"name": "CVE-2024-49833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49833"
},
{
"name": "CVE-2025-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0095"
},
{
"name": "CVE-2023-40137",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40137"
},
{
"name": "CVE-2024-43705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43705"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2025-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0099"
},
{
"name": "CVE-2025-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20636"
},
{
"name": "CVE-2024-49834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49834"
},
{
"name": "CVE-2024-20142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20142"
},
{
"name": "CVE-2023-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40133"
},
{
"name": "CVE-2025-0100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0100"
},
{
"name": "CVE-2024-38404",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38404"
},
{
"name": "CVE-2025-20634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20634"
},
{
"name": "CVE-2025-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0098"
},
{
"name": "CVE-2024-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38420"
},
{
"name": "CVE-2024-49741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49741"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0091",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2024-53104 est activement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": "2025-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 Google Android",
"url": "https://source.android.com/docs/security/bulletin/2025-02-01?hl=fr"
}
]
}
CERTFR-2025-AVI-0091
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Google indique que la vulnérabilité CVE-2024-53104 est activement exploitée dans le cadre d'attaques ciblées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android versions 12, 12L, 13, 14 et 15 sans le correctif de s\u00e9curit\u00e9 du 3 f\u00e9vrier 2025",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0094"
},
{
"name": "CVE-2024-49721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49721"
},
{
"name": "CVE-2024-49723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49723"
},
{
"name": "CVE-2024-49839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49839"
},
{
"name": "CVE-2024-49746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49746"
},
{
"name": "CVE-2023-40136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40136"
},
{
"name": "CVE-2025-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0015"
},
{
"name": "CVE-2024-47892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47892"
},
{
"name": "CVE-2024-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45582"
},
{
"name": "CVE-2023-40138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40138"
},
{
"name": "CVE-2023-40135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40135"
},
{
"name": "CVE-2024-49843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49843"
},
{
"name": "CVE-2023-40139",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40139"
},
{
"name": "CVE-2023-40122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40122"
},
{
"name": "CVE-2025-0088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0088"
},
{
"name": "CVE-2024-49832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49832"
},
{
"name": "CVE-2024-49729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49729"
},
{
"name": "CVE-2025-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20635"
},
{
"name": "CVE-2025-0097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0097"
},
{
"name": "CVE-2025-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0091"
},
{
"name": "CVE-2024-49743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49743"
},
{
"name": "CVE-2024-52935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52935"
},
{
"name": "CVE-2024-46973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46973"
},
{
"name": "CVE-2024-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20141"
},
{
"name": "CVE-2024-39441",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39441"
},
{
"name": "CVE-2023-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40134"
},
{
"name": "CVE-2024-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0037"
},
{
"name": "CVE-2024-45571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45571"
},
{
"name": "CVE-2024-45569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45569"
},
{
"name": "CVE-2025-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0096"
},
{
"name": "CVE-2024-49833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49833"
},
{
"name": "CVE-2025-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0095"
},
{
"name": "CVE-2023-40137",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40137"
},
{
"name": "CVE-2024-43705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43705"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2025-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0099"
},
{
"name": "CVE-2025-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20636"
},
{
"name": "CVE-2024-49834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49834"
},
{
"name": "CVE-2024-20142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20142"
},
{
"name": "CVE-2023-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40133"
},
{
"name": "CVE-2025-0100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0100"
},
{
"name": "CVE-2024-38404",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38404"
},
{
"name": "CVE-2025-20634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20634"
},
{
"name": "CVE-2025-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0098"
},
{
"name": "CVE-2024-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38420"
},
{
"name": "CVE-2024-49741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49741"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0091",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2024-53104 est activement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": "2025-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 Google Android",
"url": "https://source.android.com/docs/security/bulletin/2025-02-01?hl=fr"
}
]
}
FKIE_CVE-2025-0015
Vulnerability from fkie_nvd - Published: 2025-02-03 11:15 - Updated: 2025-02-03 16:15
Severity ?
Summary
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0."
},
{
"lang": "es",
"value": "Vulnerabilidad Use After Free en el controlador del kernel de GPU Valhall de Arm Ltd. El controlador del kernel de la arquitectura de GPU de quinta generaci\u00f3n de Arm Ltd permite que un proceso de usuario local sin privilegios realice operaciones de procesamiento de GPU inapropiadas para obtener acceso a la memoria ya liberada. Este problema afecta al controlador del kernel de GPU Valhall: de r48p0 a r49p1, de r50p0 a r52p0; controlador del kernel de la arquitectura de GPU de quinta generaci\u00f3n de Arm: de r48p0 a r49p1, de r50p0 a r52p0."
}
],
"id": "CVE-2025-0015",
"lastModified": "2025-02-03T16:15:33.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-03T11:15:09.807",
"references": [
{
"source": "arm-security@arm.com",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"sourceIdentifier": "arm-security@arm.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "arm-security@arm.com",
"type": "Secondary"
}
]
}
GHSA-QFC2-WXRW-H7H2
Vulnerability from github – Published: 2025-02-03 12:31 – Updated: 2025-02-03 18:30
VLAI?
Details
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2025-0015"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-03T11:15:09Z",
"severity": "HIGH"
},
"details": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.",
"id": "GHSA-qfc2-wxrw-h7h2",
"modified": "2025-02-03T18:30:41Z",
"published": "2025-02-03T12:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0015"
},
{
"type": "WEB",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…