SB2020100901 - Multiple vulnerabilities in Google Android




Published: October 9, 2020 Updated: November 29, 2024

Security Bulletin ID: SB2020100901
Severity: High
Patch available: YES
Number of vulnerabilities: 48
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 58%, Medium 15%, Low 27%

Description

This security bulletin contains information about 48 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2020-0408)

The vulnerability allows a local application to elevate privileges on the system.

The vulnerability exists due to a boundary error in Android runtime. A local application can be used to trigger memory corruption and execute arbitrary code on the device with elevated privileges.



2) Input validation error (CVE-ID: CVE-2020-3638)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


3) Input validation error (CVE-ID: CVE-2020-3654)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


4) Input validation error (CVE-ID: CVE-2020-3657)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


5) Input validation error (CVE-ID: CVE-2020-3673)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


6) Input validation error (CVE-ID: CVE-2020-3692)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


7) Input validation error (CVE-ID: CVE-2020-11154)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


8) Input validation error (CVE-ID: CVE-2020-11155)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


9) Input validation error (CVE-ID: CVE-2020-3670)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


10) Input validation error (CVE-ID: CVE-2020-0376)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified error within the MediaTek ISP component. A remote attacker can compromise the affected device.

Note: additional information on this vulnerability is not available yet, which is why it was scored with the highest potential risk possible.


11) Input validation error (CVE-ID: CVE-2020-3678)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


12) Input validation error (CVE-ID: CVE-2020-3684)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


13) Input validation error (CVE-ID: CVE-2020-3690)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


14) Input validation error (CVE-ID: CVE-2020-3703)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


15) Input validation error (CVE-ID: CVE-2020-3704)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


16) Input validation error (CVE-ID: CVE-2020-11141)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


17) Input validation error (CVE-ID: CVE-2020-11156)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


18) Input validation error (CVE-ID: CVE-2020-11157)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


19) Input validation error (CVE-ID: CVE-2020-11164)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


20) Input validation error (CVE-ID: CVE-2020-11169)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified vulnerability in the Qualcomm closed-source components. A remote attacker can pass specially crafted input to the device and execute arbitrary code on the system.


21) Input validation error (CVE-ID: CVE-2020-0371)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified error within the MediaTek KeyInstall component. A remote attacker can compromise the affected device.

Note: additional information on this vulnerability is not available yet, which is why it was scored with the highest potential risk possible.


22) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0420)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists because the Android Framework does not properly impose security restrictions on setUpdatableDriverPath. A malicious application may call setUpdatableDriverPath and execute arbitrary code on the device with elevated privileges.


23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0416)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions in System functionality. A remote attacker can use a specially crafted transmission to gain access to additional permissions.


24) Integer overflow (CVE-ID: CVE-2020-0421)

The vulnerability allows a local application to escalate privileges on the device.

The vulnerability exists due to integer overflow in Android Framework when encoding errors. A local application can trigger integer overflow and execute arbitrary code on the device with elevated privileges.



25) Improper access control (CVE-ID: CVE-2020-0246)

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because EuiccController in Android Framework does not validate the calling package name to ensure that it is owned by the calling UID. A local application can abuse this behavior to gain carrier privileges in the call to EuiccController#getEid by passing the package name of another app that does have carrier privileges to one or more subscriptions.


26) Improper access control (CVE-ID: CVE-2020-0412)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to a missing isShellUser check in Android Framework. A local user can bypass implemented security restrictions and gain unauthorized access to the application.


27) Improper access control (CVE-ID: CVE-2020-0419)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the Android Framework does not set referrerUri on SessionInfo for non-owners. A local user can bypass implemented security restrictions and gain unauthorized access to the application.


28) Out-of-bounds write (CVE-ID: CVE-2020-0213)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error within the hevcd_fmt_conv_420sp_to_420sp_av8() function in ihevcd_fmt_conv_420sp_to_420sp.s in libhevc when performing SIMD format conversion for a width less than 32. A remote attacker can pass specially crafted data to the application, trigger an out-of-bounds write due to a heap buffer overflow and execute arbitrary code on the device.


29) Information disclosure (CVE-ID: CVE-2020-0411)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an uninitialized object in AACExtractor in Android Media Framework. A local user can gain unauthorized access to sensitive information on the system.


30) Information disclosure (CVE-ID: CVE-2020-0414)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because silencing of fast capture tracks is not properly implemented in Android Media Framework. A local user can gain unauthorized access to sensitive information on the system.


31) Information disclosure (CVE-ID: CVE-2019-2194)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Android Media Framework. A local user can gain unauthorized access to sensitive information on the system.


32) Incorrect default permissions (CVE-ID: CVE-2020-0215)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege of a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140417248.


33) Information disclosure (CVE-ID: CVE-2020-0377)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in System functionality. A remote attacker can gain unauthorized access to sensitive information on the system.


34) Input validation error (CVE-ID: CVE-2020-0367)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified error within the MediaTek Widevine component. A remote attacker can compromise the affected device.

Note: additional information on this vulnerability is not available yet, which is why it was scored with the highest potential risk possible.


35) Information disclosure (CVE-ID: CVE-2020-0378)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in System functionality. A remote attacker can gain unauthorized access to sensitive information on the system.


36) Information disclosure (CVE-ID: CVE-2020-0398)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in System functionality. A remote attacker can gain unauthorized access to sensitive information on the system.


37) Information disclosure (CVE-ID: CVE-2020-0400)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application within the System functionality in PendingIntent in NotificationMgr. A remote attacker can gain unauthorized access to sensitive information on the system.


38) Information disclosure (CVE-ID: CVE-2020-0410)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in System functionality. A remote attacker can gain unauthorized access to sensitive information on the system.


39) Information disclosure (CVE-ID: CVE-2020-0413)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in System functionality. A remote attacker can gain unauthorized access to sensitive information on the system.


40) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0415)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions on PendingIntents. A local application can abuse this functionality to gain access to potentially sensitive information.


41) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0422)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists within the Contacts package, which sets an empty content intent when setting pending intents on import/export notifications. A local application can gain access to sensitive information.


42) Input validation error (CVE-ID: CVE-2020-0423)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the Binder component in the OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.


43) Input validation error (CVE-ID: CVE-2020-0283)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified error within the MediaTek KeyInstall component. A remote attacker can compromise the affected device.

Note: additional information on this vulnerability is not available yet, which is why it was scored with the highest potential risk possible.


44) Input validation error (CVE-ID: CVE-2020-0339)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an unspecified error within the MediaTek Widevine component. A remote attacker can compromise the affected device.

Note: additional information on this vulnerability is not available yet, which is why it was scored with the highest potential risk possible.


45) Out-of-bounds read (CVE-ID: CVE-2020-11125)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the mhi_process_data_event_ring() function in the drivers/bus/mhi/core/mhi_main.c file within the Qualcomm MHI bus driver. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

Affected components: msm kernel 4.9 and msm kernel 4.14.


46) Buffer overflow (CVE-ID: CVE-2020-11162)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the drivers/bus/mhi/core/mhi_main.c file in the Qualcomm MHI bus driver when processing EOT events. A remote attacker with control over the device can send specially crafted data to the system, trigger memory corruption and execute arbitrary code.

Affected component: msm kernel 4.14.


47) Race condition (CVE-ID: CVE-2020-11173)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the drivers/char/adsprpc.c file. A local user can exploit the race, gain unauthorized access to sensitive information and escalate privileges on the system.

Affected component: msm kernel 4.14.


48) Integer underflow (CVE-ID: CVE-2020-11174)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an integer underflow in the drivers/char/adsprpc.c file. A malicious application can trigger the integer underflow and execute arbitrary code on the device.


Remediation

Install the update from the vendor's website.
