SB2023011110 - Multiple vulnerabilities in Google Android
Published: January 11, 2023 Updated: March 3, 2023
Description
This security bulletin contains information about 59 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-25746)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Kernel. A local privileged application can execute arbitrary code.
2) Integer overflow (CVE-ID: CVE-2022-22088)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Bluetooth HOST. A remote attacker can execute arbitrary code.
3) Buffer over-read (CVE-ID: CVE-2022-33255)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Bluetooth HOST. A remote attacker can read and manipulate data.
4) Cryptographic issues (CVE-ID: CVE-2021-35097)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.
5) Cryptographic issues (CVE-ID: CVE-2021-35113)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.
6) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2021-35134)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of ELF headers in Boot. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-23960)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.
The vulnerability was dubbed Spectre-BHB.
8) Use After Free (CVE-ID: CVE-2022-25725)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in MODEM. A local application can perform a denial of service (DoS) attack.
9) Buffer over-read (CVE-ID: CVE-2022-33252)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
10) Missing Authorization (CVE-ID: CVE-2022-44437)
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim into opening a specially crafted file and compromise the affected device.
11) Buffer over-read (CVE-ID: CVE-2022-33253)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.
12) Integer overflow (CVE-ID: CVE-2022-33266)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Audio. A local application can read and manipulate data.
13) Improper Validation of Array Index (CVE-ID: CVE-2022-33274)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Android Core. A local application can execute arbitrary code.
14) Buffer overflow (CVE-ID: CVE-2022-33276)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Modem. A local application can execute arbitrary code.
15) Buffer over-read (CVE-ID: CVE-2022-33283)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
16) Buffer over-read (CVE-ID: CVE-2022-33284)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
17) Buffer over-read (CVE-ID: CVE-2022-33285)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.
18) Buffer over-read (CVE-ID: CVE-2022-33286)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.
19) Missing Authorization (CVE-ID: CVE-2022-44438)
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim into opening a specially crafted file and compromise the affected device.
20) Missing Authorization (CVE-ID: CVE-2022-44436)
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim into opening a specially crafted file and compromise the affected device.
21) Use-after-free (CVE-ID: CVE-2022-42719)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the mac80211 stack in the Linux kernel when parsing a multi-BSSID element. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger a use-after-free error and execute arbitrary code.
22) Out-of-bounds write (CVE-ID: CVE-2022-32637)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hevc decoder component. A local application can trigger an out-of-bounds write and escalate privileges on the system.
23) Use-after-free (CVE-ID: CVE-2022-42720)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the mac80211 stack in the Linux kernel when parsing a multi-BSS element. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger a use-after-free error and execute arbitrary code.
24) Buffer overflow (CVE-ID: CVE-2022-42721)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a list management error in the mac80211 stack in the Linux kernel when handling BSS. A remote attacker on the local network can send specially crafted WLAN frames to the system, trigger linked list corruption and execute arbitrary code.
25) Race condition (CVE-ID: CVE-2022-2959)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing lock in the pipe_resize_ring() function within the watch queue when performing operations on an object. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
26) Buffer overflow (CVE-ID: CVE-2022-41674)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WLAN frames within the ieee80211_bss_info_update() function in net/mac80211/scan.c in the Linux kernel. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
27) Use-after-free (CVE-ID: CVE-2023-20928)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Binder driver. A local application can trigger a race condition and execute arbitrary code with elevated privileges.
28) Buffer overflow (CVE-ID: CVE-2022-20235)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Imagination Technologies PowerVR-GPU component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
29) Out-of-bounds write (CVE-ID: CVE-2022-32635)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gps component. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
30) Integer overflow (CVE-ID: CVE-2022-32636)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an integer overflow within the keyinstall component. A local application can trigger an integer overflow and escalate privileges on the system.
31) Integer Overflow or Wraparound (CVE-ID: CVE-2022-44425)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
32) Missing Authorization (CVE-ID: CVE-2022-44435)
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim into opening a specially crafted file and compromise the affected device.
33) Integer Overflow or Wraparound (CVE-ID: CVE-2022-44426)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
34) Heap-based Buffer Overflow (CVE-ID: CVE-2022-44427)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
35) Heap-based Buffer Overflow (CVE-ID: CVE-2022-44428)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
36) Heap-based Buffer Overflow (CVE-ID: CVE-2022-44429)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
37) Heap-based Buffer Overflow (CVE-ID: CVE-2022-44430)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
38) Out-of-bounds write (CVE-ID: CVE-2022-44431)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
39) Integer Overflow or Wraparound (CVE-ID: CVE-2022-44432)
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
40) Missing Authorization (CVE-ID: CVE-2022-44434)
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim into opening a specially crafted file and compromise the affected device.
41) Buffer overflow (CVE-ID: CVE-2023-20905)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
42) Buffer overflow (CVE-ID: CVE-2023-20904)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
43) Buffer overflow (CVE-ID: CVE-2023-20915)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
44) Buffer overflow (CVE-ID: CVE-2023-20912)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework in the MediaProvider component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
45) Input validation error (CVE-ID: CVE-2023-20908)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.
46) Buffer overflow (CVE-ID: CVE-2023-20920)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
47) Buffer overflow (CVE-ID: CVE-2023-20918)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
48) Buffer overflow (CVE-ID: CVE-2022-20461)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
49) Buffer overflow (CVE-ID: CVE-2022-20492)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
50) Buffer overflow (CVE-ID: CVE-2022-20490)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
51) Buffer overflow (CVE-ID: CVE-2022-20489)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
52) Input validation error (CVE-ID: CVE-2023-20922)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.
53) Buffer overflow (CVE-ID: CVE-2023-20919)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
54) Buffer overflow (CVE-ID: CVE-2023-20921)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
55) Buffer overflow (CVE-ID: CVE-2022-20493)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
56) Buffer overflow (CVE-ID: CVE-2023-20913)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
57) Buffer overflow (CVE-ID: CVE-2023-20916)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
58) Input validation error (CVE-ID: CVE-2022-20494)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.
59) Buffer overflow (CVE-ID: CVE-2022-20456)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Remediation
Install the update from the vendor's website.