SB2022020339 - Ubuntu update for gdisk



Published: February 3, 2022

Security Bulletin ID: SB2022020339
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Physical access
Highest impact: Code execution

Breakdown by Severity

Medium: 50%, Low: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-0256)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-8.0; Android ID: A-152874864.


2) Out-of-bounds write (CVE-ID: CVE-2021-0308)

The vulnerability allows a local authenticated user to execute arbitrary code.

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095.


Remediation

Install the update from the vendor's website.