SB2021052006 - Multiple vulnerabilities in Google Android

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021052006

SB2021052006 - Multiple vulnerabilities in Google Android

Published: May 20, 2021 Updated: August 9, 2024

Security Bulletin ID SB2021052006
CSH Severity
High
Patch available
YES
Number of vulnerabilities 17
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 18% Medium 41% Low 41%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 17 vulnerabilities.


1) Detection of Error Condition Without Action (CVE-ID: CVE-2021-1906)

CWE-ID: -

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the Graphics component. A local user can trigger a new GPU address allocation failure and perform a denial of service attack.

Note, the vulnerability is being used in limited targeted attacks.


2) Use-after-free (CVE-ID: CVE-2021-1891)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Audio component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.



3) Use-after-free (CVE-ID: CVE-2021-1905)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green


The vulnerability allows a local user to escalate privileges on the system

The vulnerability exists due to a use-after-free error in Graphics component when handling memory mapping of multiple processes simultaneously. A local user can escalate privileges on the system.

Note, the vulnerability is being used in limited targeted attacks.


4) Use-after-free (CVE-ID: CVE-2021-1927)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in DSP Services within FastRPC driver. A local user can execute arbitrary code with elevated privileges.



5) Reachable Assertion (CVE-ID: CVE-2020-11273)

CWE-ID: CWE-617 - Reachable Assertion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the Modem component. Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer access when histogram binning info is missing due to lack of null check.


6) Reachable Assertion (CVE-ID: CVE-2020-11274)

CWE-ID: CWE-617 - Reachable Assertion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the Modem component due to invalid configuration. A remote attacker can perform a denial of service (DoS) attack.


7) Integer overflow (CVE-ID: CVE-2020-11279)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to integer overflow within the Modem component when processing crafted SDES packets. A remote attacker can pass specially crafted SDES packets to the system, trigger integer overflow and gain access to sensitive information.



8) Buffer overflow (CVE-ID: CVE-2020-11284)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in QTEE. Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader.


9) Out-of-bounds read (CVE-ID: CVE-2020-11285)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Data Modem component when processing RTCP packets. A remote attacker can create a specially crafted RTCP packets to the system, trigger out-of-bounds read error and read contents of memory on the system.


10) Out-of-bounds write (CVE-ID: CVE-2020-11288)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Content Protection feature while processing commands. A local user can trigger an out-of-bounds write error in playready and escalate privileges on the system.


11) Out-of-bounds write (CVE-ID: CVE-2020-11289)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in TZ command handler within the Content Protection feature. A local user can pass a specially crafted command ID, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


12) Double Free (CVE-ID: CVE-2021-1910)

CWE-ID: CWE-415 - Double Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Video component. A remote attacker can trick the victim to play a specially crafted video file, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


13) Buffer overflow (CVE-ID: CVE-2021-1915)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN component when processing NDP. A local user can trigger buffer overflow and escalate privileges on the system.


14) Race condition (CVE-ID: CVE-2019-2219)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local authenticated user to gain access to sensitive information.

In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-119041698


15) Improper locking (CVE-ID: CVE-2020-29661)

CWE-ID: CWE-667 - Improper Locking

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a local user to perform a escalate privileges on the system.

The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.


16) Use-after-free (CVE-ID: CVE-2021-28663)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. A local application can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.


17) Buffer overflow (CVE-ID: CVE-2021-28664)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. A local application can trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.


Remediation

Install update from vendor's website.

References