SB2021040502 - Multiple vulnerabilities in Google Android

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021040502

SB2021040502 - Multiple vulnerabilities in Google Android

Published: April 5, 2021 Updated: August 15, 2021

Security Bulletin ID SB2021040502
Severity
High
Patch available
YES
Number of vulnerabilities 36
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 3% Medium 17% Low 81%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 36 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2020-11237)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in Modem when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.


2) Use of insufficiently random values (CVE-ID: CVE-2020-25705)

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.


3) Use-after-free (CVE-ID: CVE-2020-11234)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Data HLOS when sending a socket event message to a user application. A malicious application can pass invalid information, if socket is freed by another thread, trigger a use-after-free error and escalate privileges on the system.



4) Buffer overflow (CVE-ID: CVE-2020-11210)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in RPM region due to improper XPU configuration. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.


5) Out-of-bounds read (CVE-ID: CVE-2020-11191)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing SDP packets in Data Modem. A remote attacker can send specially crafted SDP packets to the system, trigger out-of-bounds read error and read contents of memory on the system or crash it.

6) Buffer overflow (CVE-ID: CVE-2020-11236)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to invalid value of total dimension in the non-histogram type KPI in Modem. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.


7) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11242)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect argument into address range validation api used in SDI to capture requested contents. A local user can gain access to secure memory and elevate privileges on the system.


8) Detection of Error Condition Without Action (CVE-ID: CVE-2020-11243)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in LTE module due to RRC sends a connection establishment success to NAS even though connection setup validation returns failure. A remote attacker can perform a denial of service attack.


9) Integer overflow (CVE-ID: CVE-2020-11245)

The vulnerability allows a local user to escalate privileges on the system

The vulnerability exists due to unintended reads and writes by NS EL2 in access control driver. A malicious application can trigger integer overflow and execute arbitrary code with elevated privileges.


10) Double Free (CVE-ID: CVE-2020-11246)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Digital Rights Management when the device moves to suspend mode during secure playback. A malicious application can can trigger a double free error and execute arbitrary code with elevated privileges.



11) Out-of-bounds read (CVE-ID: CVE-2020-11247)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition while unpacking data in Data Modem. A remote attacker can send specially crafted packets to the system, trigger out-of-bounds read error and read contents of memory on the system or crash it.

12) Out-of-bounds read (CVE-ID: CVE-2020-11251)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing DTMF payload in Data Modem. A remote attacker can send specially crafted data to the system, trigger out-of-bounds read error and read contents of memory on the system or crash it.

13) Improper access control (CVE-ID: CVE-2020-11252)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions during trustzone initialization, as xPU get disabled when memory dumps are enabled. A local user can gain access to sensitive information on the system.


14) Memory leak (CVE-ID: CVE-2020-11255)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when processing RTCP packets containing multiple SDES reports in Data Modem. A remote attacker can send specially crafted RTCP packets to the system and perform denial of service attack.


15) Use-after-free (CVE-ID: CVE-2020-15436)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/block_dev.c in the Linux kernel. A local user can run a specially crafted program to escalate privileges on the system.


16) Security restrictions bypass (CVE-ID: CVE-2021-0444)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.

17) Security restrictions bypass (CVE-ID: CVE-2021-0443)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.

18) Security restrictions bypass (CVE-ID: CVE-2021-0438)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.

19) Security restrictions bypass (CVE-ID: CVE-2021-0442)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.


20) Security restrictions bypass (CVE-ID: CVE-2021-0439)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.


21) Security restrictions bypass (CVE-ID: CVE-2021-0432)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Statsd in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.


22) Security restrictions bypass (CVE-ID: CVE-2021-0427)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Statsd in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.


23) Security restrictions bypass (CVE-ID: CVE-2021-0426)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Statsd in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.


24) Security restrictions bypass (CVE-ID: CVE-2021-0400)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists in Android Framework component due to incorrect privilege management. An attacker can bypass implemented security restrictions and gain access to otherwise restricted functionality.


25) Security restrictions bypass (CVE-ID: CVE-2021-0468)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unspecified error in MediaTek component. A local user can gain access to otherwise restricted functionality.


26) Information disclosure (CVE-ID: CVE-2021-0428)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to unspecified error in System component. A local user can gain access to sensitive information.


27) Security restrictions bypass (CVE-ID: CVE-2021-0445)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the System component does not properly impose security restrictions. A local application can run a specially crafted code to bypass user interaction requirements and gain access to additional permissions.


28) Security restrictions bypass (CVE-ID: CVE-2021-0435)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions within the System component. A local user can run a specially crafted code to bypass implemented security restrictions.


29) Security restrictions bypass (CVE-ID: CVE-2021-0446)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions within the System component. A local user can run a specially crafted code to bypass implemented security restrictions.


30) Security restrictions bypass (CVE-ID: CVE-2021-0431)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions within the System component. A local user can run a specially crafted code to bypass implemented security restrictions.


31) Security restrictions bypass (CVE-ID: CVE-2021-0433)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions within the System component. A local user can run a specially crafted code to bypass implemented security restrictions.


32) Security restrictions bypass (CVE-ID: CVE-2021-0429)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions within the System component. A local user can run a specially crafted code to bypass implemented security restrictions.


33) Buffer overflow (CVE-ID: CVE-2021-0430)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing certain files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


34) Information disclosure (CVE-ID: CVE-2021-0471)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to unspecified error in Media Framework component. A local user can gain access to sensitive information on the system.


35) Information disclosure (CVE-ID: CVE-2021-0436)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to unspecified error in Media Framework component. A local user can gain access to sensitive information on the system.


36) Security restrictions bypass (CVE-ID: CVE-2021-0437)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions in Media Framework. A local user can run a specially crafted application to bypass user interaction requirements and gain additional permissions on the system.


Remediation

Install update from vendor's website.

References