Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-21282

In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

CVE
#android#google#rce#auth

)]}’ { "commit": "4242f97d149b0bf0cd96f00cd1e9d30d5922cd46", "tree": "171f0bb02a5a419e237be316cae8fa72d45031ed", "parents": [ “2474d98134b5fdf5d4d344bbc19a9ec070a06e58” ], "author": { "name": "Fraunhofer IIS FDK", "email": "[email protected]", "time": “Tue May 30 16:39:32 2023 +0200” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:33:22 2023 +0000” }, "message": "Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().\n\nBug: 279766766\nTest: see POC\n(cherry picked from commit f682b8787eb312b9f8997dac4c2c18bb779cf0df)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2f8c08a4e7b228a55e4c89f0931069de8eda2df6)\nMerged-In: I206973e0bb21140865efffd930e39f920f477359\nChange-Id: I206973e0bb21140865efffd930e39f920f477359\n", "tree_diff": [ { "type": "modify", "old_id": "51b4395ae4ac74ec7f5c33c3078e2ba7a8e25033", "old_mode": 33188, "old_path": "libSBRdec/src/lpp_tran.h", "new_id": "21c41011115d1ffb73fba08ab96606046aaa3dae", "new_mode": 33188, "new_path": “libSBRdec/src/lpp_tran.h” } ] }

Related news

CVE-2023-39408: September

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

Google Fixes Serious Security Flaws in Chrome and Android

Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.

CVE-2023-21267: Android Security Bulletin—August 2023

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907