SB2023100507 - Multiple vulnerabilities in Google Pixel
Published: October 5, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 28 secuirty vulnerabilities.
1) Information exposure (CVE-ID: CVE-2023-35661)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
2) Buffer overflow (CVE-ID: CVE-2023-22384)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in VR Service. A local privileged application can execute arbitrary code.
3) Integer overflow (CVE-ID: CVE-2023-21644)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in RIL. A local privileged application can execute arbitrary code.
4) Improper Validation of Array Index (CVE-ID: CVE-2023-21636)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Linux. A local privileged application can execute arbitrary code.
5) Buffer over-read (CVE-ID: CVE-2022-40524)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Modem. A local privileged application can execute arbitrary code.
6) Buffer over-read (CVE-ID: CVE-2023-28571)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN HOST. A local application can read and manipulate data.
7) Buffer overflow (CVE-ID: CVE-2023-28539)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN Host. A local application can read and manipulate data.
8) Buffer over-read (CVE-ID: CVE-2023-21667)
The vulnerability allows a remote application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Bluetooth HOST. A remote application can perform a denial of service (DoS) attack.
9) Memory corruption (CVE-ID: CVE-2023-21663)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Display. A local privileged application can execute arbitrary code.
10) Integer overflow (CVE-ID: CVE-2023-21655)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Display. A local privileged application can execute arbitrary code.
11) Memory corruption (CVE-ID: CVE-2023-21654)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.
12) Buffer over-read (CVE-ID: CVE-2022-33220)
The vulnerability allows a local privileged application to read and manipulate data.
The vulnerability exists due to improper input validation in Automotive multimedia. A local privileged application can read and manipulate data.
13) Information exposure (CVE-ID: CVE-2023-35663)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
14) Information exposure (CVE-ID: CVE-2023-35656)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
15) Improper input validation (CVE-ID: CVE-2023-3781)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the kernel subcomponent in Kernel components. A local application can execute arbitrary code.
16) Information exposure (CVE-ID: CVE-2023-35652)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
17) Information exposure (CVE-ID: CVE-2023-35648)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
18) Information exposure (CVE-ID: CVE-2023-35647)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
19) Improper input validation (CVE-ID: CVE-2023-35660)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.
20) Improper input validation (CVE-ID: CVE-2023-35655)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Darwinn subcomponent in Pixel. A local application can execute arbitrary code.
21) Improper input validation (CVE-ID: CVE-2023-35654)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the vl53l1 driver subcomponent in Pixel. A local application can execute arbitrary code.
22) Improper input validation (CVE-ID: CVE-2023-35645)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Edgetpu subcomponent in Pixel. A local application can execute arbitrary code.
23) Information exposure (CVE-ID: CVE-2023-35653)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the ImsService subcomponent in Pixel. A local application can gain access to sensitive information.
24) Improper input validation (CVE-ID: CVE-2023-40142)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the oobconfig subcomponent in Pixel. A local application can execute arbitrary code.
25) Improper input validation (CVE-ID: CVE-2023-40141)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Kernel subcomponent in Pixel. A local application can execute arbitrary code.
26) Improper input validation (CVE-ID: CVE-2023-35649)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Exynos Modem subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
27) Improper input validation (CVE-ID: CVE-2023-35662)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Shannon baseband subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
28) Improper input validation (CVE-ID: CVE-2023-35646)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Shannon baseband subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
Remediation
Install update from vendor's website.