Google Android devices: CVSS (Max): 6.6*

===========================================================================
             AUSCERT External Security Bulletin Redistribution             
                                                                           
                               ESB-2024.2070                               
                    Pixel Update Bulletin -- April 2024                    
                               5 April 2024                                
                                                                           
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Google Android devices                                  
Publisher:         Google                                                  
Operating System:  Android                                                 
Resolution:        Patch/Upgrade                                           
CVE Names:         CVE-2024-29740 CVE-2024-29741 CVE-2024-29743            
                   CVE-2024-29748 CVE-2024-29749 CVE-2024-29752            
                   CVE-2024-29753 CVE-2024-29757 CVE-2024-27231            
                   CVE-2024-27232 CVE-2024-29738 CVE-2024-29744            
                   CVE-2024-29745 CVE-2024-29747 CVE-2024-29750            
                   CVE-2024-29751 CVE-2024-29754 CVE-2024-29755            
                   CVE-2024-29782 CVE-2024-29783 CVE-2024-29746            
                   CVE-2024-29756 CVE-2024-29739 CVE-2024-29742            
                   CVE-2023-43515                                          

Original Bulletin:
   https://source.android.com/docs/security/bulletin/pixel/2024-04-01

Comment: CVSS (Max):  6.6* CVE-2023-43515 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)
         CVSS Source: Qualcomm                                             
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
         * Not all CVSS available when published                           
                                                                           
         The following are listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog:
         CISA KEV CVE(s): CVE-2024-29748 CVE-2024-29745                    
         CISA KEV URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog


- --------------------------BEGIN INCLUDED TEXT--------------------

Published April 2, 2024

The Pixel Update Bulletin contains details of security vulnerabilities and
functional improvements affecting supported Pixel devices (Google devices). For
Google devices, security patch levels of 2024-04-05 or later address all issues
in this bulletin and all issues in the April 2024 Android Security Bulletin. To
learn how to check a device's security patch level, see Check and update your
Android version.

All supported Google devices will receive an update to the 2024-04-05 patch
level. We encourage all customers to accept these updates to their devices.

Note: The Google device firmware images are available on the Google Developer
site.

Announcements

  o In addition to the security vulnerabilities described in the April 2024
    Android Security Bulletin, Google devices also contain patches for the
    security vulnerabilities described below.

Note: There are indications that the following may be under limited, targeted
exploitation.

  o CVE-2024-29745
  o CVE-2024-29748

Security patches

Vulnerabilities are grouped under the component that they affect. There is a
description of the issue and a table with the CVE, associated references, type
of vulnerability, severity, and updated Android Open Source Project (AOSP)
versions (where applicable). When available, we link the public change that
addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.

Pixel

     CVE        References   Type Severity  Subcomponent
CVE-2024-29740 A-315316882 * EoP  Critical ACPM
CVE-2024-29741 A-283803605 * EoP  High     S2MPU
CVE-2024-29743 A-315322962 * EoP  High     ACPM
CVE-2024-29748 A-318507188 * EoP  High     Pixel Firmware
CVE-2024-29749 A-315318821 * EoP  High     ACPM
CVE-2024-29752 A-315319015 * EoP  High     ACPM
CVE-2024-29753 A-315316911 * EoP  High     ACPM
CVE-2024-29757 A-306627047 * EoP  High     Companion
CVE-2024-27231 A-315321005 * ID   High     ACPM
CVE-2024-27232 A-308409713 * ID   High     GSC
CVE-2024-29738 A-318294347 * ID   High     ACPM
CVE-2024-29744 A-315322436 * ID   High     ACPM
CVE-2024-29745 A-318507136 * ID   High     bootloader
CVE-2024-29747 A-318345650 * ID   High     ACPM
CVE-2024-29750 A-308932295 * ID   High     GSC
CVE-2024-29751 A-308409494 * ID   High     GSC
CVE-2024-29754 A-315316499 * ID   High     ACPM
CVE-2024-29755 A-315315914 * ID   High     ACPM
CVE-2024-29782 A-315319017 * ID   High     ACPM
CVE-2024-29783 A-315319006 * ID   High     ACPM
CVE-2024-29746 A-318345662 * EoP  Moderate acpm
CVE-2024-29756 A-322896109 * EoP  Moderate audio
CVE-2024-29739 A-315323409 * ID   Moderate ACPM
CVE-2024-29742 A-318322946 * ID   Moderate ACPM

Qualcomm components

     CVE         References    Severity Subcomponent
CVE-2023-43515 A-303107287              Moderate     Bootloader
               QC-CR#3357731 *

Functional patches

For details on the new bug fixes and functional patches included in this
release, refer to the Pixel Community forum.

Common questions and answers

This section answers common questions that may occur after reading this
bulletin.

1. How do I determine if my device is updated to address these issues?

Security patch levels of 2024-04-05 or later address all issues associated with
the 2024-04-05 security patch level and all previous patch levels. To learn how
to check a device's security patch level, read the instructions on the Google
device update schedule.

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the
classification of the security vulnerability.

Abbreviation          Definition
RCE          Remote code execution
EoP          Elevation of privilege
ID           Information disclosure
DoS          Denial of service
N/A          Classification not available

3. What do the entries in the References column mean?

Entries under the References column of the vulnerability details table may
contain a prefix identifying the organization to which the reference value
belongs.

Prefix         Reference
A-     Android bug ID
QC-    Qualcomm reference number
M-     MediaTek reference number
N-     NVIDIA reference number
B-     Broadcom reference number
U-     UNISOC reference number

4. What does an * next to the Android bug ID in the References column mean?

Issues that are not publicly available have an * next to the Android bug ID in
the References column. The update for that issue is generally contained in the
latest binary drivers for Pixel devices available from the Google Developer
site.

5. Why are security vulnerabilities split between this bulletin and the Android
Security Bulletins?

Security vulnerabilities that are documented in the Android Security Bulletins
are required to declare the latest security patch level on Android devices.
Additional security vulnerabilities, such as those documented in this bulletin
are not required for declaring a security patch level.

Versions

Version     Date            Notes
1.0     April 2, 2024 Bulletin published

Was this helpful?

Content and code samples on this page are subject to the licenses described in
the Content License. Java and OpenJDK are trademarks or registered trademarks
of Oracle and/or its affiliates.

Last updated 2024-04-02 UTC.

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================