SB2022110736 - Multiple vulnerabilities in Google Android 



Published: November 7, 2022
Updated: January 10, 2023

Security Bulletin ID: SB2022110736
Severity: High
Patch available: YES
Number of vulnerabilities: 42
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 5% Medium 12% Low 83%

Description

This security bulletin contains information about 42 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2022-25741)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within WLAN HOST in core/mac/src/pe/lim/lim_assoc_utils.c. A remote attacker can pass specially crafted data to the device and perform a denial of service (DoS) attack.


2) Infinite loop (CVE-ID: CVE-2022-33239)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the WLAN Firmware when parsing an IPv6 extension header. A remote attacker can send specially crafted IPv6 packets to the device and consume all available system resources.


3) Out-of-bounds read (CVE-ID: CVE-2022-33237)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the WLAN Firmware when processing PPE threshold. A remote attacker can send specially crafted data to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


4) Out-of-bounds read (CVE-ID: CVE-2022-33236)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the WLAN Firmware when parsing cipher suite info attributes. A remote attacker can send specially crafted data to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


5) Buffer overflow (CVE-ID: CVE-2022-33234)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Video component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Reachable Assertion (CVE-ID: CVE-2022-25671)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the modem component. A remote attacker can send specially crafted traffic to the device and perform a denial of service (DoS) attack.


7) NULL pointer dereference (CVE-ID: CVE-2021-35135)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the QTEE implementation when importing RSA keys. A remote attacker can pass specially crafted keys to the system and perform a denial of service (DoS) attack.


8) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2021-35132)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the DSP Service. A malicious application can trigger buffer overflow and execute arbitrary code with elevated privileges.


9) Input validation error (CVE-ID: CVE-2021-35109)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input in Core. An attacker with physical access can manipulate the address from APP-JS while APP-IS is configuring an RG where it tries to merge the address ranges.


10) Input validation error (CVE-ID: CVE-2021-35108)

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to improper checking of the AP-S lock bit while verifying the secure resource group permissions in Core. An attacker with physical access can pass specially crafted input to the application and execute arbitrary code on the target system.


11) Input validation error (CVE-ID: CVE-2021-35122)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input when modifying RG permissions of IO space xPUs. A local application can execute arbitrary code with elevated privileges.


12) Use-after-free (CVE-ID: CVE-2022-25743)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Graphics component in drivers/gpu/msm/kgsl.c while importing a graphics buffer. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.


13) Buffer overflow (CVE-ID: CVE-2022-25724)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the graphics component. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


14) Input validation error (CVE-ID: CVE-2021-1050)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input within the PowerVR-GPU component. A local application can bypass implemented security restrictions.


15) Buffer overflow (CVE-ID: CVE-2022-38690)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the camera driver. A local application can trigger memory corruption and crash the system.



16) Heap-based buffer overflow (CVE-ID: CVE-2022-38676)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the gpu driver. A local application can trigger a heap-based buffer overflow and crash the kernel.


17) Out-of-bounds read (CVE-ID: CVE-2022-38673)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the face detect driver. A local application can trigger an out-of-bounds read and crash the kernel.


18) Stack-based buffer overflow (CVE-ID: CVE-2022-38672)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the face detect driver. A local application can trigger a stack-based buffer overflow and crash the kernel.


19) Integer overflow (CVE-ID: CVE-2022-39105)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow within the sensor driver. A local application can trigger memory corruption and perform a denial of service (DoS) attack.


20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-38670)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the soundrecorder service. A local application can escalate privileges on the system.

21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-38669)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the soundrecorder service. A local application can escalate privileges on the system.

22) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-2985)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the Music service. A local application can escalate privileges on the system.


23) Out-of-bounds write (CVE-ID: CVE-2022-2984)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the jpg driver. A local application can trigger an out-of-bounds write and crash the kernel.


24) Out-of-bounds read (CVE-ID: CVE-2022-32602)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in keyinstall. A local application can trigger an out-of-bounds read error and read contents of memory on the system.


25) Deserialization of Untrusted Data (CVE-ID: CVE-2022-32601)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data within the telephony service. A local application can pass specially crafted data to the service and execute arbitrary code with elevated privileges.


26) Input validation error (CVE-ID: CVE-2021-39661)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input within the PowerVR-GPU component. A local application can bypass implemented security restrictions.


27) Information disclosure (CVE-ID: CVE-2022-20445)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error within the System component. A local application can gain access to sensitive information on the system.


28) Buffer overflow (CVE-ID: CVE-2022-20462)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the System component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



29) Buffer overflow (CVE-ID: CVE-2022-20451)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the System component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



30) Buffer overflow (CVE-ID: CVE-2022-20457)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Framework component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

31) Buffer overflow (CVE-ID: CVE-2022-20452)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Framework component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

32) Buffer overflow (CVE-ID: CVE-2022-20446)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Framework component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

33) Buffer overflow (CVE-ID: CVE-2022-20450)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Framework component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



34) Buffer overflow (CVE-ID: CVE-2022-20448)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Framework component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



35) Buffer overflow (CVE-ID: CVE-2022-20441)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Framework component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



36) Buffer overflow (CVE-ID: CVE-2022-2209)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Framework component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



37) Information disclosure (CVE-ID: CVE-2022-20447)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error within the System component. A local application can gain access to sensitive information on the system.


38) Buffer overflow (CVE-ID: CVE-2022-20454)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the System component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



39) Input validation error (CVE-ID: CVE-2022-20453)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of supplied input within the System component. A local application can perform a denial of service (DoS) attack.


40) Buffer overflow (CVE-ID: CVE-2022-20465)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the System component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



41) Input validation error (CVE-ID: CVE-2022-20414)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of supplied input within the System component. A local application can perform a denial of service (DoS) attack.


42) Input validation error (CVE-ID: CVE-2022-20426)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of supplied input in multiple components. A local application can perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.