Several vulnerabilities in Google Android OS could allow a climbing of privileges


Several vulnerabilities have been discovered in Google Android OS, the most serious of which could allow a climbing of privileges in the context of the affected component. The details of the vulnerabilities are as follows:

Tactical: Climbing of privileges (TA0004):

Technical: Exploitation for climbing privileges (T1068):

Multiple vulnerabilities in the framework which could allow the climbing of privileges (CVE-2024-49721, CVE-2024-49743, CVE-2024-49746, CVE-2025-0097, CVE-2025-0098, CVE-2025-0099).

Vulnerability in the platform that could allow the climbing of privileges. (CVE-2025-0094)

Several vulnerabilities in the system that could allow the climbing of privileges. (CVE-2025-0091, CVE-2025-0095, CVE-2025-0096)

Several vulnerabilities in the nucleus which could allow an escalation of privileges. (CVE-2024-53104, CVE-2025-0088)

The details of the vulnerabilities of the lower severity are as follows:

  • Several vulnerabilities in the context which could allow information to be disclosed. (CVE-2023-40122, CVE-2023-40133, CVE-2023-40134, CVE-2023-40135, CVE-2023-40136, CVE-2023-40137 -2024-0037, CVE-2025-0100)
  • Vulnerability in the context that could allow the denial of service. (CVE-2024-49741)
  • Several vulnerabilities in the system that could allow information to be disclosed. (CVE-2024-49723, CVE-2024-49729)
  • Vulnerability in updates to the Google Play system. (CVE-2024-49723)
  • Vulnerability in the components of the arm. (CVE-2025-0015)
  • Several vulnerabilities in imagination technologies. (CVE-2024-43705, CVE-2024-46973, CVE-2024-47892, CVE-2024-52935)
  • Multiple vulnerabilities in Mediatek components. (CVE-2025-20634, CVE-2024-20141, CVE-2012-20142, CVE-2025-20635, CVE-2025-20636)
  • Vulnerability in unisoc components. (CVE-2024-39441)
  • Several vulnerabilities in Qualcomm components. (CVE-2024-45569, CVE-2024-45571, CVE-2024-45582, CVE-2024-49832, CVE-2024-49833, CVE-2024-49834, CVE-2024-49839, CVE-20124-49843)
  • Multiple vulnerabilities in the components of the Closed Source Qualcomm. (CVE-2024-38404, CVE-2024-38420)

The successful exploitation of the most serious of these vulnerabilities could allow an escalation of privileges in the context of the affected component. According to the privileges associated with the component exploited, an attacker could then install programs; Show, modify or delete data; or create new accounts with full rights.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News

CISA publishes seven advice on industrial control systemsCISA publishes seven advice on industrial control systems

CISA publishes seven advice on industrial control systems

July 1, 2025
Several vulnerabilities in Citrix products could allow the disclosure of sensitive dataSeveral vulnerabilities in Citrix products could allow the disclosure of sensitive data

Several vulnerabilities in Citrix products could allow the disclosure of sensitive data

June 27, 2025

You may have missed

CISA publishes seven advice on industrial control systemsCISA publishes seven advice on industrial control systems

CISA publishes seven advice on industrial control systems

July 1, 2025
Several vulnerabilities in Citrix products could allow the disclosure of sensitive dataSeveral vulnerabilities in Citrix products could allow the disclosure of sensitive data

Several vulnerabilities in Citrix products could allow the disclosure of sensitive data

June 27, 2025
CISA publishes five advice from industrial control systemsCISA publishes five advice from industrial control systems

CISA publishes five advice from industrial control systems

June 17, 2025
Ransomware actors use unrefined surveillance and remote management to compromise the provider of public services billing softwareRansomware actors use unrefined surveillance and remote management to compromise the provider of public services billing software

Ransomware actors use unrefined surveillance and remote management to compromise the provider of public services billing software

June 12, 2025
Several vulnerabilities in Adobe products could allow an arbitrary code executionSeveral vulnerabilities in Adobe products could allow an arbitrary code execution

Several vulnerabilities in Adobe products could allow an arbitrary code execution

June 10, 2025
Cisa publishes four reviews of industrial control systemsCisa publishes four reviews of industrial control systems

Cisa publishes four reviews of industrial control systems

June 10, 2025