What does the Android Security Bulletin for June 2024 outline?

The Android Security Bulletin for June 2024 outlines several critical security vulnerabilities affecting Android devices. The key vulnerabilities affect the framework, system, kernel, Arm components, Imagination Technologies, MediaTek components, and Qualcomm closed-source components.

Which framework vulnerabilities are listed in the bulletin?

The framework vulnerabilities listed are: CVE-2023-21266 (local escalation of privilege), CVE-2024-31310 (local escalation of privilege), CVE-2024-31316 to CVE-2024-31326 (multiple local escalation of privilege), CVE-2024-31312 (information disclosure), and CVE-2024-31314 (denial of service). These affect Android versions 12, 12L, 13, and 14.

What system vulnerabilities are mentioned in the bulletin?

The system vulnerabilities mentioned are: CVE-2023-21113 (local escalation of privilege), CVE-2023-21114 (local escalation of privilege), and CVE-2024-31311 to CVE-2024-31327 (multiple local escalation of privilege). These primarily affect Android versions 12, 12L, 13, and 14.

What kernel vulnerabilities are included in the bulletin?

The kernel vulnerability included is CVE-2024-26926, which is a local escalation of privilege in the Binder subcomponent.

Which Arm component vulnerabilities are highlighted in the bulletin?

The highlighted Arm component vulnerabilities are CVE-2024-0671 and CVE-2024-1065, both of which are high severity vulnerabilities affecting the Mali subcomponent.

What vulnerabilities are listed for Imagination Technologies?

The vulnerabilities listed for Imagination Technologies are CVE-2024-23695 to CVE-2024-23711, which are multiple high severity vulnerabilities affecting the PowerVR-GPU subcomponent.

What are the vulnerabilities related to MediaTek components?

The vulnerabilities related to MediaTek components are CVE-2024-20065 (high severity, affecting the telephony subcomponent) and CVE-2024-20066 to CVE-2024-20069 (multiple high severity vulnerabilities affecting the Modem subcomponent).

Which critical vulnerabilities are associated with Qualcomm closed-source components?

The critical vulnerabilities associated with Qualcomm closed-source components are CVE-2023-43538, CVE-2023-43551, and CVE-2023-43556. High severity vulnerabilities include CVE-2023-43542 and CVE-2024-23363.

How can users protect their devices from these vulnerabilities?

Users can protect their devices by updating to the latest version of Android to benefit from the enhanced security protections provided by the security patch levels of 2024-06-05 or later.

Advisory

Google Android June patch fixes a total of 37 flaws

published: June 4, 2024

Take action: Not an urgent patch release for Android. A lot of patches but nothing to rush about. It's still wise to apply the Android patch as soon as your vendor releases an update for your phone. Depending on the vendor you might wait for some weeks before the update is released for your phone.

Learn More

The Android Security Bulletin for June 2024, published on June 3, 2024, outlines several critical security vulnerabilities affecting Android devices. Key vulnerabilities are listed below

Framework Vulnerabilities:

CVE-2023-21266: Local escalation of privilege (EoP), affecting Android versions 12, 12L, and 13.
CVE-2024-31310: Local escalation of privilege (EoP), affecting Android versions 12, 12L, 13, and 14.
CVE-2024-31316 to CVE-2024-31326: Multiple EoP vulnerabilities, primarily affecting Android versions 12, 12L, 13, and 14.
CVE-2024-31312: Information disclosure (ID), affecting Android versions 12, 12L, 13, and 14.
CVE-2024-31314: Denial of service (DoS), affecting Android versions 12, 12L, 13, and 14.

System Vulnerabilities:

CVE-2023-21113: Local escalation of privilege (EoP), affecting Android versions 12, 12L, and 13.
CVE-2023-21114: Local escalation of privilege (EoP), affecting Android version 13.
CVE-2024-31311 to CVE-2024-31327: Multiple EoP vulnerabilities, primarily affecting Android versions 12, 12L, 13, and 14.

Kernel Vulnerabilities:

CVE-2024-26926: Local escalation of privilege in the Binder subcomponent.

Arm Components:

CVE-2024-0671: High severity vulnerability affecting the Mali subcomponent.
CVE-2024-1065: High severity vulnerability affecting the Mali subcomponent.

Imagination Technologies:

CVE-2024-23695 to CVE-2024-23711: Multiple high severity vulnerabilities affecting the PowerVR-GPU subcomponent.

MediaTek Components:

CVE-2024-20065: High severity vulnerability affecting the telephony subcomponent.
CVE-2024-20066 to CVE-2024-20069: Multiple high severity vulnerabilities affecting the Modem subcomponent.

Qualcomm Closed-Source Components:

CVE-2023-43538, CVE-2023-43551, CVE-2023-43556: Critical severity vulnerabilities.
CVE-2023-43542, CVE-2024-23363: High severity vulnerabilities.

The flaws are addressed by security patch levels of 2024-06-05 or later. Android partners were informed of these vulnerabilities a month before publication, and source code patches will be released to the Android Open Source Project (AOSP) repository within the next 48 hours.

Users are encouraged to update to the latest version of Android to benefit from enhanced security protections.

Google Android June patch fixes a total of 37 flaws

Read More
Microsoft November 2025 Patch Tuesday fixes one exploited …
Google Pixel devices carry Android app that can …
Samsung releases Jylu security update, still missing the …
Google Patches High-Severity V8 Race Condition in Chrome …
EncryptHub gang actively exploiting Microsoft Management Console vulnerability