SB2022071917 - Multiple vulnerabilities in Google Chromecast
Published: July 19, 2022
Description
This security bulletin contains information about 19 security vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2021-39704)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
2) Information disclosure (CVE-ID: CVE-2021-39809)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output. A local application can gain unauthorized access to sensitive information on the system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-39808)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a security restrictions bypass in the System component. A local application can bypass implemented security restrictions and escalate privileges on the system.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-39807)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a security restrictions bypass in the System component. A local application can escalate privileges on the system.
5) Security restrictions bypass (CVE-ID: CVE-2021-39707)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
6) Security restrictions bypass (CVE-ID: CVE-2021-39706)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
7) Security restrictions bypass (CVE-ID: CVE-2021-0957)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20363)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in AMLogic in Chromecast. A local application can trigger the vulnerability to bypass security restrictions and escalate privileges on the system.
9) Information disclosure (CVE-ID: CVE-2021-39803)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Media Framework Media Codecs. A remote attacker can gain unauthorized access to sensitive information on the system.
10) Information disclosure (CVE-ID: CVE-2021-39667)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the media framework. A remote attacker can trick the victim into opening a specially crafted media file and gain unauthorized access to sensitive information on the system.
11) Information disclosure (CVE-ID: CVE-2021-39700)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local application can gain unauthorized access to sensitive information on the system.
12) Use-after-free (CVE-ID: CVE-2022-20007)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java. A local application can trick the victim into opening a specially crafted file and escalate privileges on the system.
13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20005)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in validateApkInstallLocked of PackageInstallerSession.java. A local application can trigger the vulnerability to bypass security restrictions and escalate privileges on the system.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20004)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Chromecast Framework. A local application can trigger the vulnerability to bypass security restrictions and escalate privileges on the system.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-39796)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
16) Security restrictions bypass (CVE-ID: CVE-2021-39692)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in the Android Framework. A malicious application can trick the victim into performing certain actions and escalate privileges on the system.
17) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20114)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an error in placeCall of TelecomManager.java that allows an application to keep itself running with foreground service importance. A local application can bypass security restrictions and escalate privileges on the system.
18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20011)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permissions check in getArray() in NotificationManagerService.java. A local application can obtain notifications that belong to another application.
19) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20112)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in getAvailabilityStatus in PrivateDnsPreferenceController.java. A local application can change private DNS settings and escalate privileges on the system.
Remediation
Install the update from the vendor's website.