SB2022100342 - Multiple vulnerabilities in Google Pixel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022100342

SB2022100342 - Multiple vulnerabilities in Google Pixel

Published: October 3, 2022

Security Bulletin ID SB2022100342
Severity
Medium
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 11% Low 89%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2022-20231)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Trusty component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



2) Buffer overflow (CVE-ID: CVE-2022-20364)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the kernel component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


3) Integer overflow (CVE-ID: CVE-2022-22078)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the BOOT subsystem. An attacker with physical access to the affected device can trigger an integer overflow and perform a denial of service (DoS) attack.


4) Information disclosure (CVE-ID: CVE-2022-25664)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to an error within the Graphics component while GPU reads the data. A local application can gain access to sensitive information.


5) Use-after-free (CVE-ID: CVE-2022-25666)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the DSP Service while trying to access maps by different threads. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.


6) Untrusted Pointer Dereference (CVE-ID: CVE-2022-25662)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to untrusted pointer dereference when processing multimedia files in Video component. A remote attacker can trick the victim to open a specially crafted file, trigger an untrusted pointer dereference and gain access to sensitive information.


7) Out-of-bounds read (CVE-ID: CVE-2022-25665)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the kernel component. A local application can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.


8) Information disclosure (CVE-ID: CVE-2022-20464)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to an error within Audio processor in Pixel kernel. A local application can gain unauthorized access to sensitive information on the system.


9) Buffer overflow (CVE-ID: CVE-2022-20397)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the libsitril-se component in Google Pixel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


Remediation

Install update from vendor's website.

References