SB2021090719 - Multiple vulnerabilities in Google Android
Published: September 7, 2021
Description
This security bulletin contains information about 19 security vulnerabilities.
1) Improper Validation of Array Index (CVE-ID: CVE-2021-1933)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper validation of an invite message with an SDP body within the Data Modem component. A remote attacker can send specially crafted data to the system, trigger memory corruption and execute arbitrary code on the system.
2) Buffer Over-read (CVE-ID: CVE-2021-1974)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a lack of alignment between the map or unmap length of IPA SMMU and WLAN SMMU within the WLAN Host Communication component. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2021-30290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error caused by a race condition between timeline fence signal and timeline fence destroy in the Graphics subsystem. A local user can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2021-30294)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the KGSL GPU auxiliary command within the Graphics subsystem. A local user can perform a denial of service (DoS) attack.
5) Untrusted Pointer Dereference (CVE-ID: CVE-2021-1886)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to an untrusted pointer dereference within the Key Management component in HLOS. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.
6) Double Free (CVE-ID: CVE-2021-1888)
The vulnerability allows a malicious application to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Trusted Application implementation in HLOS. A malicious application can pass specially crafted data to the system, trigger a double free error and execute arbitrary code with elevated privileges.
7) Buffer overflow (CVE-ID: CVE-2021-1889)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Trusted Application component in HLOS. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.
8) Buffer overflow (CVE-ID: CVE-2021-1890)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error caused by an improper length check of the public exponent in the RSA import key function in HLOS. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
9) NULL pointer dereference (CVE-ID: CVE-2021-1946)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a NULL pointer dereference error while processing a crafted SDP body within the Data Modem component. A remote attacker can send specially crafted data to the system and execute arbitrary code.
10) Buffer Over-read (CVE-ID: CVE-2021-1941)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an improper length check on the WPA IE string sent by a peer within the WLAN Host Communication component. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
11) Buffer overflow (CVE-ID: CVE-2021-1909)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a lack of length check on parameters passed from trusted applications within the Core component. A local application can trigger a buffer overflow and execute arbitrary code with elevated privileges.
12) Type conversion (CVE-ID: CVE-2021-1923)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because an incorrect pointer argument is passed to the trusted application (TA) in the HLOS subsystem. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.
13) Double Free (CVE-ID: CVE-2021-1934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within Digital Rights Management in Content Protection due to an improper check when the application loader object is explicitly destructed while the application is unloading. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
14) NULL pointer dereference (CVE-ID: CVE-2021-1935)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error during key import in the HLOS component. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
15) Buffer overflow (CVE-ID: CVE-2021-1952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Boot subsystem. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
16) Buffer Over-read (CVE-ID: CVE-2021-1971)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a lack of physical layer state validation within the WLAN HAL. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2021-30295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of a local variable while storing current task information locally within the DSP Service. A local user can perform a denial of service attack or corrupt files on the system.
18) Buffer Over-read (CVE-ID: CVE-2021-1948)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a lack of length check on data while parsing the beacon or probe response within the WLAN Host Communication component. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
19) Information disclosure (CVE-ID: CVE-2021-0428)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error in the System component. A local user can gain access to sensitive information.
Remediation
Install the update from the vendor's website.