SB2022090815 - Multiple vulnerabilities in Google Android




Published: September 8, 2022 Updated: September 21, 2022

Security Bulletin ID: SB2022090815
Severity: High
Patch available: YES
Number of vulnerabilities: 47
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 23% Medium 9% Low 68%

Description

This security bulletin contains information about 47 security vulnerabilities.


1) Improper Authorization (CVE-ID: CVE-2022-22091)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists within the LTE component due to improper authorization of a replayed LTE security mode command. A remote attacker can send specially crafted packets to the affected device and perform a denial of service (DoS) attack.


2) Out-of-bounds read (CVE-ID: CVE-2022-25706)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within Bluetooth HOST when reading the L2CAP length. A remote attacker with physical proximity to the device can send specially crafted traffic to the system, trigger an out-of-bounds read error and read contents of memory or perform a denial of service (DoS) attack.


3) Buffer overflow (CVE-ID: CVE-2022-25708)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WLAN Firmware when processing keys. A remote attacker on the local network can send specially crafted input to the affected device, trigger memory corruption and execute arbitrary code on the target system.


4) Buffer Over-read (CVE-ID: CVE-2022-22066)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a buffer over-read in the content protection feature when processing a command received from HLOS. A local application can trigger a boundary error and execute arbitrary code with elevated privileges.


5) Integer overflow (CVE-ID: CVE-2022-22074)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the Audio component when processing WMA files. A remote attacker can trick the victim into opening a specially crafted WMA file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Integer overflow (CVE-ID: CVE-2022-22081)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the audio module. A remote attacker can trick the victim into playing a specially crafted media file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Integer overflow (CVE-ID: CVE-2022-22089)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the audio module when processing records. A remote attacker can trick the victim into playing a specially crafted file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


8) Use-after-free (CVE-ID: CVE-2022-22092)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kernel component. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.



9) Use-after-free (CVE-ID: CVE-2022-25693)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the Graphics component. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


10) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2022-22093)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition when handling concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources. A local application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


11) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2022-22094)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition when getting mapping reference within the kernel component. A local application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


12) Buffer overflow (CVE-ID: CVE-2022-25669)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the video component when processing MP4 files. A remote attacker can create a specially crafted MP4 file, trick the victim into playing it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Buffer overflow (CVE-ID: CVE-2022-25686)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the video component when processing WAV files. A remote attacker can create a specially crafted WAV file, trick the victim into playing it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


14) Buffer overflow (CVE-ID: CVE-2022-25688)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the video component when processing PS files. A remote attacker can create a specially crafted PS file, trick the victim into playing it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


15) Improper Validation of Array Index (CVE-ID: CVE-2022-25690)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error in WLAN firmware when parsing ANQP action frames. A remote attacker on the local network can send specially crafted packets to the affected device and gain access to sensitive information.


16) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2022-25696)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition during map or unmap operations within the Display component. A local application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


17) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-25704)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the Qualcomm component. A local application can bypass implemented security restrictions.


18) Out-of-bounds read (CVE-ID: CVE-2022-25670)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the HOST WLAN component when unpacking frames. A remote attacker can send specially crafted traffic to the system, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


19) Information disclosure (CVE-ID: CVE-2022-20399)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to information disclosure within the SELinux component. A local application can gain unauthorized access to sensitive information on the system.


20) Out-of-bounds write (CVE-ID: CVE-2022-26447)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in BT firmware. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.


21) Use-after-free (CVE-ID: CVE-2021-4083)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel's garbage collection for Unix domain socket file handlers. A local user can call close() and fget() simultaneously and can potentially trigger a race condition, which in turn leads to a use-after-free error and allows privilege escalation.


22) Use-after-free (CVE-ID: CVE-2022-29582)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the io_uring timeouts() function in the Linux kernel. A local user can trigger a race condition between timeout flush and removal to cause a denial of service or escalate privileges on the system.


23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0697)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the PowerVR-GPU component. A local application can bypass implemented security restrictions.


24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0942)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the PowerVR-GPU component. A local application can bypass implemented security restrictions.


25) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0943)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the PowerVR-GPU component. A local application can bypass implemented security restrictions.


26) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0871)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the PowerVR-GPU component. A local application can bypass implemented security restrictions.


27) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20385)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the Unisoc components. A local application can bypass implemented security restrictions.


28) Integer overflow (CVE-ID: CVE-2022-25656)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an integer overflow within the kernel component. A local application can trigger an integer overflow and execute arbitrary code with elevated privileges.



29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20386)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the Unisoc components. A local application can bypass implemented security restrictions.


30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20387)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the Unisoc components. A local application can bypass implemented security restrictions.


31) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20388)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the Unisoc components. A local application can bypass implemented security restrictions.


32) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20389)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the Unisoc components. A local application can bypass implemented security restrictions.


33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20390)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the Unisoc components. A local application can bypass implemented security restrictions.


34) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20391)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability within the Unisoc components. A local application can bypass implemented security restrictions.


35) Use-after-free (CVE-ID: CVE-2022-22095)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the synx driver of Multimedia Frameworks. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.



36) Improper access control (CVE-ID: CVE-2020-0500)

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to an unsafe PendingIntent within startInputUncheckedLocked of InputMethodManager.java. A local application can bypass implemented security restrictions and gain unauthorized access to the application.


37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20392)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper permissions management in the Android framework. A local application can escalate privileges on the system.


38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20218)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a logic error in the Permission Controller within the Android framework. A local application can get and retain permissions without the user's consent.


39) Information disclosure (CVE-ID: CVE-2022-20396)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output. A local application can gain unauthorized access to sensitive information on the system.


40) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20398)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an error within the WiFi component. A local application can execute arbitrary code with elevated privileges.


41) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20395)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an error within MediaProvider. A local application can escalate privileges on the system.


42) Information disclosure (CVE-ID: CVE-2022-20393)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Android framework. A local application can gain unauthorized access to sensitive information on the system.


43) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20197)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an unspecified error in the Framework. A local application can bypass security restrictions and escalate privileges on the system.


44) Integer overflow (CVE-ID: CVE-2022-22822)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the addBinding() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


45) Integer overflow (CVE-ID: CVE-2022-23852)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


46) Integer overflow (CVE-ID: CVE-2022-23990)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the doProlog() function. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


47) Integer overflow (CVE-ID: CVE-2022-25314)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in copyString. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.


Remediation

Install the update from the vendor's website.