SB2022120710 - Multiple vulnerabilities in Google Android
Published: December 7, 2022 Updated: November 15, 2024
Description
This security bulletin contains information about 73 security vulnerabilities.
1) Reachable Assertion (CVE-ID: CVE-2022-25689)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2022-33268)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Bluetooth HOST when pairing and connecting A2DP. An attacker with physical proximity to the device can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
3) Reachable Assertion (CVE-ID: CVE-2022-25672)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing SIB1 with invalid Bandwidth. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.
4) Reachable Assertion (CVE-ID: CVE-2022-25673)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing configuration from network. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2022-25681)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within kernel caused by the hypervisor not correctly invalidating the processor translation caches. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
6) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2022-25682)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the User Identity Module when decoding command from card. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
7) Error Handling (CVE-ID: CVE-2022-25685)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the Multi-Mode Call Processor. A remote attacker can send specially crafted traffic to the device and perform a denial of service (DoS) attack.
8) Reachable Assertion (CVE-ID: CVE-2022-25691)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing SIB1 with invalid SCS and bandwidth settings. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.
9) Stack-based buffer overflow (CVE-ID: CVE-2022-39129)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the face detect driver. A local application can trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
10) Reachable Assertion (CVE-ID: CVE-2022-25692)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing common config procedure. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.
11) Improper Validation of Array Index (CVE-ID: CVE-2022-25695)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the User Identity Module when processing GSTK Proactive commands. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
12) Buffer overflow (CVE-ID: CVE-2022-25697)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in i2c buses when reading address configuration from i2c driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
13) Buffer overflow (CVE-ID: CVE-2022-25698)
The vulnerability allows a local application to escalate privileges on the system.
14) Reachable Assertion (CVE-ID: CVE-2022-25702)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing reconfiguration message. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.
15) Out-of-bounds read (CVE-ID: CVE-2022-33235)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the WLAN firmware when parsing security context info attributes. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
16) Infinite loop (CVE-ID: CVE-2022-33238)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the WLAN Firmware when processing incoming FTM frames. A remote attacker can send specially crafted traffic to the device, consume all available system resources and cause denial of service conditions.
17) Out-of-bounds read (CVE-ID: CVE-2022-39130)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the face detect driver. A local application can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
18) Out-of-bounds write (CVE-ID: CVE-2022-42772)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
19) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-23960)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.
The vulnerability was dubbed Spectre-BHB.
20) Improper locking (CVE-ID: CVE-2022-39106)
The vulnerability allows a local application to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking error within the serviceIn sensor driver. A local application can trigger a deadlock and perform a denial of service (DoS) attack.
21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-39660)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the PowerVR-GPU component. A local application can escalate privileges on the system.
22) Out-of-bounds write (CVE-ID: CVE-2022-32594)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
23) Out-of-bounds write (CVE-ID: CVE-2022-32596)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
24) Out-of-bounds write (CVE-ID: CVE-2022-32597)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
25) Out-of-bounds write (CVE-ID: CVE-2022-32598)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
26) Buffer overflow (CVE-ID: CVE-2022-32619)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in keyinstall. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
27) Buffer overflow (CVE-ID: CVE-2022-32620)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within mpu. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
28) Buffer overflow (CVE-ID: CVE-2022-39131)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the camera driver. A local application can trigger memory corruption and perform a denial of service (DoS) attack.
29) Race condition (CVE-ID: CVE-2022-42771)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.
30) Heap-based buffer overflow (CVE-ID: CVE-2022-39132)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the camera driver. A local application can trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
31) Out-of-bounds write (CVE-ID: CVE-2022-39133)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and crash the system.
32) Race condition (CVE-ID: CVE-2022-39134)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the audio driver. A local application can exploit the race to trigger a use-after-free and crash the kernel.
33) Use-after-free (CVE-ID: CVE-2022-42754)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the npu driver. A local application can trigger a use-after-free error and perform a denial of service (DoS) attack.
34) Out-of-bounds write (CVE-ID: CVE-2022-42755)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and crash the kernel.
35) Buffer overflow (CVE-ID: CVE-2022-42756)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the sensor driver. A local application can trigger memory corruption and crash the kernel.
36) Race condition (CVE-ID: CVE-2022-42770)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.
37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20495)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20488)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
39) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20487)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
40) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20484)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
41) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20480)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
42) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20479)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
43) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20478)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
44) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20240)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
45) Information disclosure (CVE-ID: CVE-2022-20498)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error within the Bluetooth component. An attacker with physical proximity to the device can gain unauthorized access to sensitive information.
46) Arbitrary code execution (CVE-ID: CVE-2022-20469)
The vulnerability allows an attacker to compromise the affected device.
The vulnerability exists due to insufficient validation of untrusted input within the Bluetooth component. An attacker with physical proximity to the device can pass specially crafted input to the system and execute arbitrary code.
47) Arbitrary code execution (CVE-ID: CVE-2022-20411)
The vulnerability allows an attacker to compromise the affected device.
The vulnerability exists due to insufficient validation of untrusted input within the Bluetooth component. An attacker with physical proximity to the device can pass specially crafted input to the system and execute arbitrary code.
48) Information disclosure (CVE-ID: CVE-2022-20496)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Android Media framework. A local application can gain unauthorized access to sensitive information.
49) Information disclosure (CVE-ID: CVE-2022-20497)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
50) Information disclosure (CVE-ID: CVE-2022-20471)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
51) Information disclosure (CVE-ID: CVE-2022-20468)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
52) Information disclosure (CVE-ID: CVE-2022-20483)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
53) Information disclosure (CVE-ID: CVE-2022-20466)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
54) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20501)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
55) Input validation error (CVE-ID: CVE-2022-20482)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
56) Input validation error (CVE-ID: CVE-2022-20449)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
57) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20611)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
58) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20491)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
59) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20486)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
60) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20485)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
61) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20474)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
62) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20470)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
63) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20444)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
64) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20442)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
65) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-39617)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
66) Input validation error (CVE-ID: CVE-2022-20473)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the Android framework. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
67) Input validation error (CVE-ID: CVE-2022-20472)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the Android framework. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
68) Information disclosure (CVE-ID: CVE-2022-20502)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Android Runtime. A local application can gain unauthorized access to sensitive information.
69) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20477)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
70) Input validation error (CVE-ID: CVE-2021-0934)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
71) Input validation error (CVE-ID: CVE-2022-20476)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
72) Input validation error (CVE-ID: CVE-2022-20500)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
73) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20475)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
Remediation
Install update from vendor's website.