SB2022110871 - Red Hat Enterprise Linux 8 update for gdisk

Security Bulletin ID SB2022110871

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2020-0256)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864

2) Out-of-bounds write (CVE-ID: CVE-2021-0308)

The vulnerability allows a local authenticated user to execute arbitrary code.

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2022:7700

SB2022110871 - Red Hat Enterprise Linux 8 update for gdisk

Breakdown by Severity

Description

Remediation

References

Please verify you're human