SB2021052006 - Multiple vulnerabilities in Google Android

Published: May 20, 2021 Updated: August 9, 2024

Security Bulletin ID: SB2021052006
Severity: High
Patch available: YES
Number of vulnerabilities: 17
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 18%
Medium: 41%
Low: 41%

Description

This security bulletin contains information about 17 security vulnerabilities.


1) Detection of Error Condition Without Action (CVE-ID: CVE-2021-1906)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the Graphics component. A local user can trigger a new GPU address allocation failure and perform a denial of service attack.

Note, the vulnerability is being used in limited targeted attacks.


2) Use-after-free (CVE-ID: CVE-2021-1891)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Audio component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.



3) Use-after-free (CVE-ID: CVE-2021-1905)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Graphics component when handling memory mapping of multiple processes simultaneously. A local user can escalate privileges on the system.

Note, the vulnerability is being used in limited targeted attacks.


4) Use-after-free (CVE-ID: CVE-2021-1927)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in DSP Services within the FastRPC driver. A local user can execute arbitrary code with elevated privileges.



5) Reachable Assertion (CVE-ID: CVE-2020-11273)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the Modem component. A histogram-type KPI is torn down on the assumption that histogram binning info exists; because there is no null check, a missing histogram binning info leads to a null pointer access.


6) Reachable Assertion (CVE-ID: CVE-2020-11274)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the Modem component caused by an invalid configuration. A remote attacker can perform a denial of service (DoS) attack.


7) Integer overflow (CVE-ID: CVE-2020-11279)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to integer overflow within the Modem component when processing crafted SDES packets. A remote attacker can pass specially crafted SDES packets to the system, trigger integer overflow and gain access to sensitive information.



8) Buffer overflow (CVE-ID: CVE-2020-11284)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in QTEE. Locked memory can be unlocked and modified by the non-secure boot loader through an improper system call sequence, making the memory region an untrusted source of input for the secure boot loader.


9) Out-of-bounds read (CVE-ID: CVE-2020-11285)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Data Modem component when processing RTCP packets. A remote attacker can send specially crafted RTCP packets to the system, trigger an out-of-bounds read error and read memory contents on the system.


10) Out-of-bounds write (CVE-ID: CVE-2020-11288)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Content Protection feature while processing commands. A local user can trigger an out-of-bounds write error in PlayReady and escalate privileges on the system.


11) Out-of-bounds write (CVE-ID: CVE-2020-11289)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in TZ command handler within the Content Protection feature. A local user can pass a specially crafted command ID, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


12) Double Free (CVE-ID: CVE-2021-1910)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Video component. A remote attacker can trick the victim into playing a specially crafted video file, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Buffer overflow (CVE-ID: CVE-2021-1915)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the WLAN component when processing NDP. A local user can trigger a buffer overflow and escalate privileges on the system.


14) Race condition (CVE-ID: CVE-2019-2219)

The vulnerability allows a local authenticated user to gain access to sensitive information.

In System UI, there is a possible bypass of the user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-119041698.


15) Improper locking (CVE-ID: CVE-2020-29661)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. A local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.


16) Use-after-free (CVE-ID: CVE-2021-28663)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. A local application can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.


17) Buffer overflow (CVE-ID: CVE-2021-28664)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. A local application can trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.


Remediation

Install updates from the vendor's website.