SB2021030514 - Multiple vulnerabilities in Samsung Mobile Firmware

Published: March 5, 2021 Updated: June 29, 2023

Security Bulletin ID: SB2021030514
Severity: High
Patch available: YES
Number of vulnerabilities: 22
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 27%, Medium: 9%, Low: 64%

Description

This security bulletin contains information about 22 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-25337)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access control in clipboard service. A local application can use the clipboard service to read and write arbitrary files on the device.

Note, the vulnerability is being actively exploited in the wild.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0398)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the Android framework due to improperly imposed security restrictions. A local application with privileged access can gain access to sensitive data.


3) Heap-based buffer overflow (CVE-ID: CVE-2017-14491)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the dnsmasq.c file when processing DNS replies. A remote unauthenticated attacker can send specially crafted DNS packets to the affected service, trigger a heap-based buffer overflow by 2 bytes and crash the service or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Input validation error (CVE-ID: CVE-2021-0393)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.


5) Input validation error (CVE-ID: CVE-2021-0396)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.


6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0390)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the system component in Google Android due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0392)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the system component in Google Android due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.


8) Information disclosure (CVE-ID: CVE-2021-0394)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified error in the system component in Google Android. A local application can gain access to sensitive data on the system.


9) Information disclosure (CVE-ID: CVE-2021-25335)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to an improper lockscreen status check in the cocktailbar service. An attacker with physical access to the device can see hidden notification contents over the lockscreen under specific conditions.


10) Improper access control (CVE-ID: CVE-2021-25336)

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the NotificationManagerService. A local application can bypass the implemented security restrictions and gain access to notifications.


11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0395)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the Android runtime due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.


12) Buffer overflow (CVE-ID: CVE-2021-25339)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in HArx. A local application can trigger memory corruption via a specially crafted HArx HVC call and execute arbitrary code with kernel privileges.


13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-25338)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper memory access control in RKP. A local application can write to part of the RKP EL2 memory region using a compromised kernel.


14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-25344)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a missing permission check in the knox_custom service. A local application can obtain the device's serial number without permission.


15) Input validation error (CVE-ID: CVE-2021-25345)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a graphic format mismatch while converting video format in hwcomposer. A remote attacker can trick the victim into opening a specially crafted file and cause a kernel panic.


16) Improper access control (CVE-ID: CVE-2021-25369)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions to the sec_log file. A local application can read the log file and obtain sensitive system information.

Note, the vulnerability is being actively exploited in the wild.


17) Use-after-free (CVE-ID: CVE-2021-25370)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dpu driver. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.


18) Security features bypass (CVE-ID: CVE-2021-25371)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists because arbitrary ELF libraries can be loaded inside the DSP driver. A local application installed on the device can load malicious code inside the DSP driver to hide its presence.


19) Out-of-bounds write (CVE-ID: CVE-2021-25372)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the DSP driver. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0391)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the Android framework due to improperly imposed security restrictions. A local application with privileged access can gain access to sensitive data.


21) Input validation error (CVE-ID: CVE-2021-0397)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.


22) Input validation error (CVE-ID: CVE-2017-18509)

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.


Remediation

Install the update from the vendor's website.