75 matches found

OSV
added 2024/07/11 1:4 a.m. | 15 views

MGASA-2024-0262 Updated php packages fix security vulnerability

This update ships the latest version of php 8.2. It brings fixed security issues and the usual bug fixes. Vulnerability: A code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information...

CVSS 5.3 | AI score 5.9 | EPSS 0.03579
Exploits: 1 | References: 5

CVE
added 2024/06/13 9:2 p.m. | 74 views

CVE-2024-32922

CVE-2024-32922 involves a logic error in the Pixel GPU power management path, specifically in gpu_pm_power_on_top_nolock within pixel_gpu_power.c, which can lead to a protected memory compromise. The vulnerability could enable local escalation of privilege to the TEE with no additional execution ...

CVSS 7.4 | AI score 6.8 | EPSS 0.00052
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/06/12 7:30 a.m. | 28 views

BIT-PHP-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...

CVSS 5.3 | AI score 6.7 | EPSS 0.03579
Exploits: 1 | References: 8

UbuntuCve
added 2024/06/11 12:0 a.m. | 97 views

CVE-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...

CVSS 5.3 | AI score 6.8 | EPSS 0.03579
Exploits: 1 | References: 5

OSV
added 2024/06/09 7:15 p.m. | 22 views

CVE-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...

CVSS 5.3 | AI score 6.8
Exploits: 0 | References: 7

NVD
added 2024/06/09 7:15 p.m. | 54 views

CVE-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...

CVSS 5.3 | EPSS 0.03579
Exploits: 1 | References: 7

CVE
added 2024/06/09 6:26 p.m. | 698 views

CVE-2024-5458

CVE-2024-5458 affects PHP:8.1.x before 8.1.29, 8.2.x before 8.2.20, and 8.3.x before 8.3.8. The issue is a code logic error in URL validation using FILTER_VALIDATE_URL in filtering functions (e.g., filter_var), where certain URL forms cause the username:password portion to be misclassified as val...

CVSS 5.3 | AI score 5.9 | EPSS 0.03579
Exploits: 1 | References: 7 | Affected Software: 1

AlpineLinux
added 2024/06/09 6:26 p.m. | 32 views

CVE-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...

CVSS 5.3 | AI score 6.9 | EPSS 0.03579
Exploits: 1

OSV
added 2024/04/01 12:0 a.m. | 4 views

PUB-A-318507188

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.8 | AI score 7.2 | EPSS 0.00391
Exploits: 0 | References: 1

OSV
added 2024/03/01 12:0 a.m. | 3 views

PUB-A-297569957

In ppmpunprotectbuf of drmfw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 7 | EPSS 0.0004
Exploits: 0 | References: 1

CVE
added 2024/02/16 12:8 a.m. | 6864 views

CVE-2023-40093

CVE-2023-40093 is an information-disclosure vulnerability in Google Android where trimmed content could be included in PDF output due to a logic error. It allows local information disclosure with no user interaction; confidentiality is impacted. Public sources cite this CVE in Android security bu...

CVSS 5.5 | AI score 6 | EPSS 0.00055
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/12/01 12:0 a.m. | 3 views

PUB-A-269274102

there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.7 | AI score 7.1 | EPSS 0.00011
Exploits: 0 | References: 1

OSV
added 2023/12/01 12:0 a.m. | 3 views

PUB-A-282081424

there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 7 | EPSS 0.00017
Exploits: 0 | References: 1

OSV
added 2023/12/01 12:0 a.m. | 4 views

PUB-A-288366554

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.7 | AI score 7.1 | EPSS 0.0001
Exploits: 0 | References: 1

OSV
added 2023/10/01 12:0 a.m. | 4 views

PUB-A-279767668

there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 7 | EPSS 0.00009
Exploits: 0 | References: 1

Prion
added 2023/08/14 10:15 p.m. | 16 views

Design/Logic Flaw

In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVSS 4.3 | AI score 7.7 | EPSS 0.00003
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/08/14 8:59 p.m. | 161 views

CVE-2023-21267

The CVE-2023-21267 issue affects Android’s KeyguardViewMediator.java in the framework, enabling bypass of lockdown mode via screen pinning due to a logic error. This leads to local information disclosure without extra privileges or user interaction. Exploitation can occur on devices with access t...

CVSS 5.5 | AI score 5.1 | EPSS 0.00005
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/07/12 11:18 p.m. | 13 views

CVE-2023-20942

In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

AI score 6 | EPSS 0.0001
Exploits: 0 | References: 4

OSV
added 2023/06/01 12:0 a.m. | 4 views

PUB-A-267809568

In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 7 | EPSS 0.00007
Exploits: 0 | References: 1

CVE
added 2022/12/16 12:0 a.m. | 93 views

CVE-2022-20562

The CVE-2022-20562 entry concerns a logic error in ap_input_processor.c within the Android kernel’s audio processing path that could allow recording audio during a phone call, leading to local information disclosure. The vulnerability is classified as Information Disclosure with a Local attack ve...

CVSS 3.3 | AI score 3.7 | EPSS 0.00016
Exploits: 0 | References: 1 | Affected Software: 1