Android security advisory -- March 2024 Monthly Rollup (AV24-119)- 20240308004¶
Overview¶
Android released a security bulletin to address vulnerabilities affecting Android devices. Security patch levels of 2024-03-05 or later address all of these issues. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
What is vulnerable?¶
| Product(s) Affected | Summary | Severity | CVE |
|---|---|---|---|
| Framework ver: 12, 12L, 13, 14 | High | AOSP | CVE-2024-0044, CVE-2024-0046, CVE-2024-0048, CVE-2024-0049, CVE-2024-0050, CVE-2024-0051, CVE-2024-0053, CVE-2024-0047 |
| System ver: 12, 12L, 13, 14 | Critical | AOSP | CVE-2024-0039, CVE-2024-23717 |
| AMLogic | Critical | Bootloader | CVE-2023-48424, CVE-2023-48425 |
| Arm components | High | Mali | CVE-2023-6143, CVE-2023-6241 |
| MediaTek components | High | da, lk, flashc, OPTEE | CVE-2024-20005, CVE-2024-20022, CVE-2024-20023, CVE-2024-20024, CVE-2024-20025, CVE-2024-20027, CVE-2024-20028, CVE-2024-20020, CVE-2024-20026 |
| Qualcomm components | High | Security, Kerel, WLAN | CVE-2023-43546, CVE-2023-43547, CVE-2023-43550, CVE-2023-43552, CVE-2023-43553 |
| Qualcomm | Critical | Closed-source components | CVE-2023-28578 |
Recommendation¶
The WA SOC recommends administrators to review the provided web link and apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):