Multiple vulnerabilities in Google Android

1) Improper Validation of Array Index

EUVDB-ID: #VU53856

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-11176

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error when processing server certificate from IPSec server. A remote attacker can supply a certificate with a specially crafted subject alternative name API, trigger heap-based buffer overflow and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU53861

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11267

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in the HLOS subsystem. Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value. A local application can trigger an out-of-bounds read and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Validation of Array Index

EUVDB-ID: #VU53857

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-11291

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists i the Data Modem subsystem due to a boundary error when processing ikev2 parameters for delete payloads received during informational exchange from the ePDG server. A remote attacker can trigger memory corruption and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU53853

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-11292

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local application to elevate privileges on the system.

The vulnerability exists due to a boundary error when validating parameters in QMI Voice API within the Multi-Mode Call Processor subsystem. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU53858

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-11298

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in QTEE subsystem. While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel. A local application can trigger Time-of-check Time-of-use (TOCTOU) race condition and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU53854

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11304

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Content Protection subsystem in DRM. A local application can trigger an out-of-bounds read and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU53859

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11306

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to integer overflow in the QTEE subsystem within RPMB counter. A local application can trigger an integer overflow and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU53860

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-1900

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Display subsystem. A local application can trigger a race condition while creating an external display and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Reachable Assertion

EUVDB-ID: #VU52823

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-1925

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in WLAN when handling group management action frame. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Reachable Assertion

EUVDB-ID: #VU53855

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-1937

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing WLAN messages. A remote attacker can send a specially crafted packet to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Cross-site scripting

EUVDB-ID: #VU53673

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-0527

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in (keywords) searching parameter. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper access control

EUVDB-ID: #VU53578

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-26555

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the Bluetooth legacy BR/EDR PIN code pairing. An attacker with physical access can spoof the BD_ADDR of the peer device and complete pairing without knowledge of the PIN.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security features bypass

EUVDB-ID: #VU53579

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-26558

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.

Note: This vulnerability affects the following specifications:

• BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
• BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2 
• LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 2020-12-05 - 11

CPE2.3

• cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

External links

https://source.android.com/security/bulletin/2021-06-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.