SB2023080748 - Multiple vulnerabilities in Google Pixel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023080748

SB2023080748 - Multiple vulnerabilities in Google Pixel

Published: August 7, 2023

Security Bulletin ID SB2023080748
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2023-21649)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN. A local privileged application can execute arbitrary code.


2) Memory corruption (CVE-ID: CVE-2023-21627)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Trusted Execution Environment. A local privileged application can execute arbitrary code.


3) Improper input validation (CVE-ID: CVE-2023-21647)

The vulnerability allows a remote application to gain access to sensitive information.

The vulnerability exists due to improper input validation in Bluetooth HOST. A remote application can gain access to sensitive information.


4) Integer overflow (CVE-ID: CVE-2023-21648)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in RIL. A local privileged application can execute arbitrary code.


5) Improper Validation of Array Index (CVE-ID: CVE-2023-21650)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in GPS HLOS Driver. A local privileged application can execute arbitrary code.


Remediation

Install update from vendor's website.

References