SB2023110717 - Multiple vulnerabilities in Google Pixel



SB2023110717 - Multiple vulnerabilities in Google Pixel

Published: November 7, 2023

Security Bulletin ID SB2023110717
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 13% Low 88%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 vulnerabilities.


1) Buffer over-read (CVE-ID: CVE-2023-28553)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN Host. A local application can read and manipulate data.


2) Buffer over-read (CVE-ID: CVE-2023-28554)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Qualcomm IPC. A local application can read and manipulate data.


3) Buffer over-read (CVE-ID: CVE-2023-28572)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN HOST. A remote privileged application can execute arbitrary code.


4) Buffer over-read (CVE-ID: CVE-2023-28563)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in IOE Firmware. A local application can read and manipulate data.


5) Buffer over-read (CVE-ID: CVE-2023-28566)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN HAL. A local application can read and manipulate data.


6) Buffer over-read (CVE-ID: CVE-2023-28568)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN HAL. A local application can read and manipulate data.


7) Buffer over-read (CVE-ID: CVE-2023-28569)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN HAL. A local application can read and manipulate data.


8) Buffer overflow (CVE-ID: CVE-2023-28570)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


Remediation

Install update from vendor's website.