SB2023110717 - Multiple vulnerabilities in Google Pixel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023110717

SB2023110717 - Multiple vulnerabilities in Google Pixel

Published: November 7, 2023

Security Bulletin ID SB2023110717
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 13% Low 88%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Buffer over-read (CVE-ID: CVE-2023-28553)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN Host. A local application can read and manipulate data.


2) Buffer over-read (CVE-ID: CVE-2023-28554)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Qualcomm IPC. A local application can read and manipulate data.


3) Buffer over-read (CVE-ID: CVE-2023-28572)

The vulnerability allows a remote privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN HOST. A remote privileged application can execute arbitrary code.


4) Buffer over-read (CVE-ID: CVE-2023-28563)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in IOE Firmware. A local application can read and manipulate data.


5) Buffer over-read (CVE-ID: CVE-2023-28566)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN HAL. A local application can read and manipulate data.


6) Buffer over-read (CVE-ID: CVE-2023-28568)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN HAL. A local application can read and manipulate data.


7) Buffer over-read (CVE-ID: CVE-2023-28569)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN HAL. A local application can read and manipulate data.


8) Buffer overflow (CVE-ID: CVE-2023-28570)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


Remediation

Install update from vendor's website.

References