Headline
CVE-2023-21250
In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Commit: ec573bc83f1ed6722f7cb29431dcb2db7f10bf28
Tree: fd6f20974682033c34ece18b5c4290e883538295
Parent: 2d1500894bb878fae13e7518935b6176b974f479
Author: tyiu <[email protected]>, Tue Mar 28 18:40:51 2023 +0000
Committer: Android Build Coastguard Worker <[email protected]>, Thu May 11 18:41:21 2023 +0000
Modified file: system/stack/gatt/gatt_utils.cc (mode 33188; 991944a19029c4abab1cf37e0e0473a7f41bf527 -> ff15e28d13b5ae401c2b44fb32a1dd8a78b37f6a)

Commit message:

Fix gatt_end_operation buffer overflow

Added boundary check for gatt_end_operation to prevent writing out of
boundary.

Since response of the GATT server is handled in
gatt_client_handle_server_rsp() and gatt_process_read_rsp(), the maximum
length that can be passed into the handlers is bounded by
GATT_MAX_MTU_SIZE, which is set to 517, which is greater than
GATT_MAX_ATTR_LEN which is set to 512. The fact that there is no spec
that guarantees MTU response to be less than or equal to 512 bytes can
cause a buffer overflow when performing memcpy without length check.

Bug: 261068592
Test: No test since not affecting behavior
Tag: #security
Ignore-AOSP-First: security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7236e4492470e30c129d01d521a7d218494725b4)
Merged-In: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
Change-Id: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
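The size mismatch the commit message describes, as an added example that is not the AOSP code or the actual patch: a length bounded only by GATT_MAX_MTU_SIZE (517) is copied into a buffer of GATT_MAX_ATTR_LEN (512) bytes. The struct, the function names and the choice to truncate rather than reject are assumptions made for illustration; only the two constants come from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Limits as stated in the commit message. */
#define GATT_MAX_ATTR_LEN 512
#define GATT_MAX_MTU_SIZE 517

/* Hypothetical stand-in for the attribute value the stack fills in. */
typedef struct {
  uint16_t len;
  uint8_t value[GATT_MAX_ATTR_LEN];
} attr_value_t;

/* Bytes an unchecked memcpy of `len` bytes would write past value[]. */
size_t overrun_bytes(size_t len) {
  return len > GATT_MAX_ATTR_LEN ? len - GATT_MAX_ATTR_LEN : 0;
}

/* Pre-fix pattern: trusts a length that is only bounded by the MTU. */
void copy_unchecked(attr_value_t* dst, const uint8_t* src, uint16_t len) {
  dst->len = len;
  memcpy(dst->value, src, len); /* out of bounds when len > 512 */
}

/* Checked pattern (assumption: truncate to the destination size). */
uint16_t copy_checked(attr_value_t* dst, const uint8_t* src, uint16_t len) {
  if (len > GATT_MAX_ATTR_LEN) len = GATT_MAX_ATTR_LEN;
  dst->len = len;
  memcpy(dst->value, src, len);
  return len;
}

/* Copies a constructed maximum-size response; returns 1 if the guard survives. */
int guard_intact_after_checked_copy(void) {
  struct { attr_value_t attr; uint8_t guard[8]; } slot;
  uint8_t rsp[GATT_MAX_MTU_SIZE]; /* constructed sample input */
  memset(rsp, 0x41, sizeof(rsp));
  memset(slot.guard, 0xA5, sizeof(slot.guard));
  copy_checked(&slot.attr, rsp, (uint16_t)sizeof(rsp));
  for (size_t i = 0; i < sizeof(slot.guard); i++)
    if (slot.guard[i] != 0xA5) return 0;
  return slot.attr.len == GATT_MAX_ATTR_LEN;
}

int main(void) {
  printf("unchecked overrun at max MTU: %zu bytes\n", overrun_bytes(GATT_MAX_MTU_SIZE));
  printf("guard intact after checked copy: %d\n", guard_intact_after_checked_copy());
  return 0;
}
```

With the page's figures the unchecked copy can overrun the destination by as many as 5 bytes; the checked copy caps the length at 512 and leaves the adjacent guard bytes untouched.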
Related news
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular
Update Android now! Google patches three actively exploited zero-days (Malwarebytes Labs): Google has patched 43 vulnerabilities in Android, three of which are actively exploited zero-day vulnerabilities.