Version Android 12.0, 13.0, 14.0

CVE-2024-20045

In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.

LOW CVSS 2.3 Published Apr 01, 2024

CVE-2024-20005

In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.

UNKNOWN CVSS 8.2 Published Mar 04, 2024

CVE-2024-20009

In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.

UNKNOWN Published Feb 05, 2024

CVE-2024-20007

In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.

UNKNOWN CVSS 7.5 Published Feb 05, 2024