SB2022030801 - Multiple vulnerabilities in Google Android
Published: March 8, 2022 Updated: March 7, 2023
Description
This security bulletin contains information about 39 security vulnerabilities.
1) Type conversion (CVE-ID: CVE-2021-35105)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a type conversion error in the Graphics component during graphics profiling. A malicious application can trigger a boundary error and escalate privileges on the system.
2) Buffer overflow (CVE-ID: CVE-2021-30333)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing EFS files within the Multi-Mode Call Processor. A local application can trigger memory corruption and execute arbitrary code on the target system.
3) Reachable Assertion (CVE-ID: CVE-2021-30332)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in NR5G when validating OTA configuration. A remote attacker can perform a denial of service (DoS) attack.
4) Reachable Assertion (CVE-ID: CVE-2021-30329)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in NR5G when validating TCI configuration. A remote attacker can perform a denial of service (DoS) attack.
5) Reachable Assertion (CVE-ID: CVE-2021-30328)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in the NR5G component when validating NR CSI-IM resource configuration. A remote attacker can perform a denial of service (DoS) attack.
6) Improper Authentication (CVE-ID: CVE-2021-1950)
The vulnerability allows a local user to bypass the authentication process.
The vulnerability exists due to improper cleaning of secure memory between authenticated users. A local user can bypass the face authentication mechanism.
7) Type conversion (CVE-ID: CVE-2021-35110)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a type conversion error in the Boot subsystem when validating the hash segment of a file. A malicious application can supply a specially crafted file and execute arbitrary code on the system.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1942)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper handling of permissions of a shared memory region in the Core subsystem. A local application can execute arbitrary code with elevated privileges.
9) Out-of-bounds read (CVE-ID: CVE-2021-35117)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the WLAN Host while processing an IBSS beacon. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds read error and read contents of memory on the system.
10) Out-of-bounds read (CVE-ID: CVE-2021-35106)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary condition in the WLAN Host component when calculating length of WMI messages. A local application can send an overly long WMI message to trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
11) Buffer overflow (CVE-ID: CVE-2021-35103)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper validation of the number of timer values received from firmware while syncing timers in the WLAN Host Communication component. A malicious application can trigger a buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
12) Out-of-bounds read (CVE-ID: CVE-2021-35088)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the WLAN Host Communication component during SSID IE parse when channel is DFS. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
13) Out-of-bounds write (CVE-ID: CVE-2020-29368)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the __split_huge_pmd() function in mm/huge_memory.c in the Linux kernel. A local user can abuse the copy-on-write implementation and gain unintended write access because of a race condition in a THP mapcount check.
14) Information disclosure (CVE-ID: CVE-2021-39705)
The vulnerability allows a malicious application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the Android kernel. A malicious application can gain unauthorized access to sensitive information on the system.
15) Security restrictions bypass (CVE-ID: CVE-2021-39702)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
16) Security restrictions bypass (CVE-ID: CVE-2021-39701)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
17) Security restrictions bypass (CVE-ID: CVE-2021-0957)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
18) Security restrictions bypass (CVE-ID: CVE-2021-39708)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to an unspecified error in the OS kernel. A remote attacker can trick the victim into performing certain actions on the device and execute arbitrary code.
Successful exploitation of the vulnerability may result in full system compromise.
19) Information disclosure (CVE-ID: CVE-2021-39667)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the media framework. A remote attacker can trick the victim into opening a specially crafted media file and gain unauthorized access to sensitive information on the system.
20) Input validation error (CVE-ID: CVE-2021-39690)
The vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Android Framework. A malicious application can trick the victim into performing certain actions and crash the system.
21) Input validation error (CVE-ID: CVE-2021-39624)
The vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Android Framework. A malicious application can trick the victim into performing certain actions and crash the system.
22) Security restrictions bypass (CVE-ID: CVE-2021-39709)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
23) Security restrictions bypass (CVE-ID: CVE-2021-39695)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Android Framework. A malicious application can trick the victim into performing certain actions and escalate privileges on the system.
24) Security restrictions bypass (CVE-ID: CVE-2021-39693)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Android Framework. A malicious application can trick the victim into performing certain actions and escalate privileges on the system.
25) Security restrictions bypass (CVE-ID: CVE-2021-39692)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Android Framework. A malicious application can trick the victim into performing certain actions and escalate privileges on the system.
26) Security restrictions bypass (CVE-ID: CVE-2021-39689)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to improper privilege management in Android runtime. A malicious application can execute arbitrary code with system privileges.
27) Security restrictions bypass (CVE-ID: CVE-2021-39697)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Android Framework. A malicious application can trick the victim into performing certain actions and escalate privileges on the system.
28) Security restrictions bypass (CVE-ID: CVE-2021-39707)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
29) Security restrictions bypass (CVE-ID: CVE-2021-39706)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
30) Security restrictions bypass (CVE-ID: CVE-2021-39704)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
31) Security restrictions bypass (CVE-ID: CVE-2021-39703)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
32) Use-after-free (CVE-ID: CVE-2021-39698)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.
33) Buffer overflow (CVE-ID: CVE-2021-39685)
The vulnerability allows a malicious host to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the USB subsystem in the Linux kernel. A malicious USB device can trigger memory corruption and execute arbitrary code on the system.
34) Race condition (CVE-ID: CVE-2021-39686)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the binder implementation in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
35) Security restrictions bypass (CVE-ID: CVE-2021-39694)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to improper privilege management within the Permission Controller in Android framework. A malicious application can escalate privileges on the system.
36) Missing initialization of resource (CVE-ID: CVE-2021-3655)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing initialization of resource in the Linux kernel when processing inbound SCTP packets. A remote attacker can send specially crafted SCTP packets to the system and force the kernel to read uninitialized memory.
37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20053)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a missing permissions check in the ims service. A local application can execute arbitrary code with elevated privileges.
38) Buffer overflow (CVE-ID: CVE-2022-20048)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the media decoder. A remote attacker can trick the victim into opening a specially crafted media file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
39) Buffer overflow (CVE-ID: CVE-2022-20047)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the video decoder. A remote attacker can trick the victim into opening a specially crafted media file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install update from vendor's website.
References
- https://source.android.com/security/bulletin/2022-03-01
- https://source.android.com/security/bulletin/2022-03-01#2022-03-01
- https://source.android.com/docs/security/bulletin/2022-10-01
- https://source.android.com/security/bulletin/2022-03-01#details-05
- https://android.googlesource.com/kernel/common/+/42288cb44c4b
- https://android.googlesource.com/kernel/common/+/a880b28a71e3
- https://android.googlesource.com/kernel/common/+/9537bae0da1f
- https://android.googlesource.com/kernel/common/+/363bee27e258
- https://android.googlesource.com/kernel/common/+/50252e4b5e98
- https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de
- https://android.googlesource.com/kernel/common/+/53afb231f54a69d827b882fa282b30bb10cb08a5
- https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88
- https://android.googlesource.com/kernel/common/+/d49297739550
- https://android.googlesource.com/kernel/common/+/3af7a2f61023
- https://android.googlesource.com/kernel/common/+/11db2de0af2a
- https://android.googlesource.com/kernel/common/+/a4eacf3227bd
- https://android.googlesource.com/kernel/common/+/d4dbef7046e2
- https://android.googlesource.com/kernel/common/+/6ef81a5c0e22
- https://android.googlesource.com/kernel/common/+/ffca46766850
- https://android.googlesource.com/kernel/common/+/ccb79116c372