SB2023061531 - Multiple vulnerabilities in Google Pixel
Published: June 15, 2023
Description
This security bulletin contains information about 107 security vulnerabilities.
1) Information exposure (CVE-ID: CVE-2023-21213)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
2) Information exposure (CVE-ID: CVE-2023-21226)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the modem subcomponent in Pixel. A local application can gain access to sensitive information.
3) Information exposure (CVE-ID: CVE-2023-21220)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the TBD subcomponent in Pixel. A local application can gain access to sensitive information.
4) Information exposure (CVE-ID: CVE-2023-21219)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the TBD subcomponent in Pixel. A local application can gain access to sensitive information.
5) Information exposure (CVE-ID: CVE-2022-39901)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Lassen Baseband subcomponent in Pixel. A local application can gain access to sensitive information.
6) Improper input validation (CVE-ID: CVE-2023-21225)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Protected Confirmation subcomponent in Pixel. A local application can execute arbitrary code.
7) Improper input validation (CVE-ID: CVE-2023-21066)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the exynos-slsi subcomponent in Pixel. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.
8) Improper input validation (CVE-ID: CVE-2023-21201)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
9) Improper input validation (CVE-ID: CVE-2023-21186)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
10) Improper input validation (CVE-ID: CVE-2023-21176)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
11) Information exposure (CVE-ID: CVE-2023-21214)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
12) Information exposure (CVE-ID: CVE-2023-21212)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
13) Improper input validation (CVE-ID: CVE-2023-21147)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel camera driver subcomponent in Pixel. A local application can execute arbitrary code.
14) Information exposure (CVE-ID: CVE-2023-21211)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
15) Information exposure (CVE-ID: CVE-2023-21210)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
16) Information exposure (CVE-ID: CVE-2023-21208)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
17) Information exposure (CVE-ID: CVE-2023-21206)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
18) Information exposure (CVE-ID: CVE-2023-21205)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
19) Information exposure (CVE-ID: CVE-2023-21204)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
20) Information exposure (CVE-ID: CVE-2023-21202)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
21) Information exposure (CVE-ID: CVE-2023-21200)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
22) Information exposure (CVE-ID: CVE-2023-21199)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
23) Information exposure (CVE-ID: CVE-2023-21198)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
24) Information exposure (CVE-ID: CVE-2023-21197)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
25) Improper input validation (CVE-ID: CVE-2023-21146)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.
26) Improper input validation (CVE-ID: CVE-2023-21149)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the ShannonRcs subcomponent in Pixel. A local application can execute arbitrary code.
27) Information exposure (CVE-ID: CVE-2023-21195)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
28) Information exposure (CVE-ID: CVE-2023-21158)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can gain access to sensitive information.
29) Memory corruption (CVE-ID: CVE-2022-33267)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Linux. A local privileged application can execute arbitrary code.
30) Use After Free (CVE-ID: CVE-2022-33263)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local privileged application can execute arbitrary code.
31) Type conversion (CVE-ID: CVE-2022-33240)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.
32) Buffer overflow (CVE-ID: CVE-2022-33230)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in FM Host. A local privileged application can execute arbitrary code.
33) Double Free (CVE-ID: CVE-2022-33227)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Linux-Android. A local privileged application can execute arbitrary code.
34) Buffer overflow (CVE-ID: CVE-2022-33226)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local privileged application can execute arbitrary code.
35) Buffer overflow (CVE-ID: CVE-2022-33224)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local privileged application can execute arbitrary code.
36) Resource exhaustion (CVE-ID: CVE-2022-33303)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Linux kernel. A local application can perform a denial of service (DoS) attack.
37) Information exposure (CVE-ID: CVE-2023-21224)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos-slsi subcomponent in Pixel. A local application can gain access to sensitive information.
38) Information exposure (CVE-ID: CVE-2023-21223)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos SLSI subcomponent in Pixel. A local application can gain access to sensitive information.
39) Information exposure (CVE-ID: CVE-2023-21160)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can gain access to sensitive information.
40) Information exposure (CVE-ID: CVE-2023-21156)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can gain access to sensitive information.
41) Improper input validation (CVE-ID: CVE-2023-21151)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Google BMS Module subcomponent in Pixel. A local application can execute arbitrary code.
42) Information exposure (CVE-ID: CVE-2023-21155)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the libsitril subcomponent in Pixel. A local application can gain access to sensitive information.
43) Information exposure (CVE-ID: CVE-2023-21154)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can gain access to sensitive information.
44) Information exposure (CVE-ID: CVE-2023-21152)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the android.hardware.camera.provider subcomponent in Pixel. A local application can gain access to sensitive information.
45) Information exposure (CVE-ID: CVE-2023-21150)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the audio service subcomponent in Pixel. A local application can gain access to sensitive information.
46) Information exposure (CVE-ID: CVE-2023-21148)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the exynos RIL subcomponent in Pixel. A local application can gain access to sensitive information.
47) Improper input validation (CVE-ID: CVE-2023-21236)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the aoc_core device driver subcomponent in Pixel. A local application can execute arbitrary code.
48) Improper input validation (CVE-ID: CVE-2023-21222)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the libdmc subcomponent in Pixel. A local application can execute arbitrary code.
49) Improper input validation (CVE-ID: CVE-2023-21161)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can execute arbitrary code.
50) Improper input validation (CVE-ID: CVE-2023-21159)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can execute arbitrary code.
51) Improper input validation (CVE-ID: CVE-2023-21157)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the exynos-ril subcomponent in Pixel. A local application can execute arbitrary code.
52) Improper input validation (CVE-ID: CVE-2023-21153)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
53) Information exposure (CVE-ID: CVE-2023-21196)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
54) Information exposure (CVE-ID: CVE-2023-21194)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
55) Information exposure (CVE-ID: CVE-2023-21237)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
Note, the vulnerability is being actively exploited in the wild.
56) Improper input validation (CVE-ID: CVE-2023-21172)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
57) Improper input validation (CVE-ID: CVE-2023-21207)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
58) Improper input validation (CVE-ID: CVE-2023-21203)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
59) Improper input validation (CVE-ID: CVE-2023-21191)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
60) Improper input validation (CVE-ID: CVE-2023-21187)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
61) Improper input validation (CVE-ID: CVE-2023-21185)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
62) Improper input validation (CVE-ID: CVE-2023-21184)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
63) Improper input validation (CVE-ID: CVE-2023-21183)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
64) Improper input validation (CVE-ID: CVE-2023-21179)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
65) Improper input validation (CVE-ID: CVE-2023-21175)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
66) Improper input validation (CVE-ID: CVE-2023-21174)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
67) Improper input validation (CVE-ID: CVE-2023-20985)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
68) Information exposure (CVE-ID: CVE-2023-20968)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
69) Improper input validation (CVE-ID: CVE-2023-20976)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
70) Improper input validation (CVE-ID: CVE-2023-20975)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
71) Improper input validation (CVE-ID: CVE-2023-21167)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
72) Information exposure (CVE-ID: CVE-2023-21193)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
73) Information exposure (CVE-ID: CVE-2023-21178)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
74) Information exposure (CVE-ID: CVE-2023-21177)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
75) Information exposure (CVE-ID: CVE-2023-21168)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
76) Improper input validation (CVE-ID: CVE-2023-21192)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
77) Improper input validation (CVE-ID: CVE-2023-21189)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
78) Improper input validation (CVE-ID: CVE-2023-21171)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
79) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-20971)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android Framework. A local application can execute arbitrary code with elevated privileges.
80) Improper input validation (CVE-ID: CVE-2023-21209)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
81) Information exposure (CVE-ID: CVE-2023-20972)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
82) Information exposure (CVE-ID: CVE-2023-21190)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
83) Information exposure (CVE-ID: CVE-2023-20990)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
84) Information exposure (CVE-ID: CVE-2023-21188)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
85) Information exposure (CVE-ID: CVE-2023-21182)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
86) Information exposure (CVE-ID: CVE-2023-21181)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
87) Information exposure (CVE-ID: CVE-2023-21180)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
88) Information exposure (CVE-ID: CVE-2023-21173)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
89) Information exposure (CVE-ID: CVE-2023-21170)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
90) Information exposure (CVE-ID: CVE-2023-21169)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
91) Information exposure (CVE-ID: CVE-2023-21031)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
92) Information exposure (CVE-ID: CVE-2023-21027)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
93) Information exposure (CVE-ID: CVE-2023-20992)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
94) Information exposure (CVE-ID: CVE-2023-20991)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
95) Information exposure (CVE-ID: CVE-2023-20989)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
96) Information exposure (CVE-ID: CVE-2023-20973)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
97) Information exposure (CVE-ID: CVE-2023-20988)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
98) Information exposure (CVE-ID: CVE-2023-20987)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
99) Information exposure (CVE-ID: CVE-2023-20986)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
100) Information exposure (CVE-ID: CVE-2023-20984)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
101) Information exposure (CVE-ID: CVE-2023-20983)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
102) Information exposure (CVE-ID: CVE-2023-20982)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
103) Information exposure (CVE-ID: CVE-2023-20981)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
104) Information exposure (CVE-ID: CVE-2023-20980)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
105) Information exposure (CVE-ID: CVE-2023-20979)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
106) Information exposure (CVE-ID: CVE-2023-20977)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
107) Information exposure (CVE-ID: CVE-2023-20974)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
Remediation
Install the update from the vendor's website.