CVE-2023-21079: Pixel Update Bulletin—March 2023

In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-254839721
References: N/A

Published March 6, 2023 | Updated March 20, 2023

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2023-03-01 or later address all issues in this bulletin and all issues in the March 2023 Android Security Bulletin. To learn how to check a device’s security patch level, see Check and update your Android version.

All supported Google devices will receive an update to the 2023-03-01 patch level. We encourage all customers to accept these updates to their devices.

Announcements

  • In addition to the security vulnerabilities described in the March 2023 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below.

Security patches

Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

Framework

| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2023-21000 | A-194783918 | RCE | Moderate | 13 |
| CVE-2022-20532 | A-232242894 | EoP | Moderate | 13 |
| CVE-2022-20542 | A-238083570 | EoP | Moderate | 13 |
| CVE-2023-20971 | A-225880325 | EoP | Moderate | 13 |
| CVE-2023-21017 | A-236687884 | EoP | Moderate | 13 |
| CVE-2023-21028 | A-180680572 | ID | Moderate | 13 |
| CVE-2023-21029 | A-217934898 | ID | Moderate | 13 |
| CVE-2023-21031 | A-242688355 | ID | Moderate | 13 |
| CVE-2023-20996 | A-246749764 | DoS | Moderate | 13 |
| CVE-2023-20997 | A-246749702 | DoS | Moderate | 13 |
| CVE-2023-20998 | A-246749936 | DoS | Moderate | 13 |
| CVE-2023-20999 | A-246750467 | DoS | Moderate | 13 |
| CVE-2023-21026 | A-254681548 | DoS | Moderate | 13 |

System

| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2023-20975 | A-250573776 | EoP | Moderate | 13 |
| CVE-2023-20976 | A-216117246 | EoP | Moderate | 13 |
| CVE-2023-20985 | A-245915315 | EoP | Moderate | 13 |
| CVE-2023-20994 | A-259062118 | EoP | Moderate | 13 |
| CVE-2023-20995 | A-241910279 | EoP | Moderate | 13 |
| CVE-2023-21001 | A-237672190 | EoP | Moderate | 13 |
| CVE-2023-21002 | A-261193935 | EoP | Moderate | 13 |
| CVE-2023-21003 | A-261193711 | EoP | Moderate | 13 |
| CVE-2023-21004 | A-261193664 | EoP | Moderate | 13 |
| CVE-2023-21005 | A-261193946 | EoP | Moderate | 13 |
| CVE-2023-21015 | A-244569778 | EoP | Moderate | 13 |
| CVE-2023-21018 | A-233338564 | EoP | Moderate | 13 |
| CVE-2023-21020 | A-256591441 | EoP | Moderate | 13 |
| CVE-2023-21021 | A-255537598 | EoP | Moderate | 13 |
| CVE-2023-21022 | A-236098131 | EoP | Moderate | 13 |
| CVE-2023-21024 | A-246543238 | EoP | Moderate | 13 |
| CVE-2023-21030 | A-226234140 | EoP | Moderate | 13 |
| CVE-2023-21034 | A-230358834 | EoP | Moderate | 13 |
| CVE-2023-21035 | A-184847040 | EoP | Moderate | 13 |
| CVE-2022-40303 | A-260709824 | ID | Moderate | 13 |
| CVE-2023-20968 | A-262235935 | ID | Moderate | 13 |
| CVE-2023-20969 | A-262236313 | ID | Moderate | 13 |
| CVE-2023-20970 | A-262236005 | ID | Moderate | 13 |
| CVE-2023-20972 | A-255304665 | ID | Moderate | 13 |
| CVE-2023-20973 | A-260568245 | ID | Moderate | 13 |
| CVE-2023-20974 | A-260078907 [2] | ID | Moderate | 13 |
| CVE-2023-20977 | A-254445952 | ID | Moderate | 13 |
| CVE-2023-20979 | A-259939364 | ID | Moderate | 13 |
| CVE-2023-20980 | A-260230274 | ID | Moderate | 13 |
| CVE-2023-20981 | A-256165737 | ID | Moderate | 13 |
| CVE-2023-20982 | A-260568083 | ID | Moderate | 13 |
| CVE-2023-20983 | A-260569449 | ID | Moderate | 13 |
| CVE-2023-20984 | A-242993878 | ID | Moderate | 13 |
| CVE-2023-20986 | A-255304475 [2] [3] | ID | Moderate | 13 |
| CVE-2023-20987 | A-260569414 | ID | Moderate | 13 |
| CVE-2023-20988 | A-260569232 | ID | Moderate | 13 |
| CVE-2023-20989 | A-260568367 | ID | Moderate | 13 |
| CVE-2023-20990 | A-260568354 | ID | Moderate | 13 |
| CVE-2023-20991 | A-255305114 | ID | Moderate | 13 |
| CVE-2023-20992 | A-260568750 | ID | Moderate | 13 |
| CVE-2023-21006 | A-257030027 | ID | Moderate | 13 |
| CVE-2023-21007 | A-257029965 | ID | Moderate | 13 |
| CVE-2023-21008 | A-257030100 | ID | Moderate | 13 |
| CVE-2023-21009 | A-257029925 | ID | Moderate | 13 |
| CVE-2023-21010 | A-257029915 | ID | Moderate | 13 |
| CVE-2023-21011 | A-257029912 | ID | Moderate | 13 |
| CVE-2023-21012 | A-257029812 | ID | Moderate | 13 |
| CVE-2023-21013 | A-256818945 | ID | Moderate | 13 |
| CVE-2023-21014 | A-257029326 | ID | Moderate | 13 |
| CVE-2023-21019 | A-242379731 | ID | Moderate | 13 |
| CVE-2023-21025 | A-254929746 | ID | Moderate | 13 |
| CVE-2023-21027 | A-216854451 | ID | Moderate | 13 |
| CVE-2023-21032 | A-248085351 | ID | Moderate | 13 |
| CVE-2023-21016 | A-213905884 | DoS | Moderate | 13 |
| CVE-2023-21033 | A-244713323 | DoS | Moderate | 13 |

Pixel

| CVE | References | Type | Severity | Subcomponent |
|---|---|---|---|---|
| CVE-2022-42498 | A-240662453 * | RCE | Critical | Cellular firmware |
| CVE-2022-42499 | A-242001391 * | RCE | Critical | modem |
| CVE-2023-21057 | A-244450646 * | RCE | Critical | Cellular firmware |
| CVE-2023-21058 | A-246169606 * | RCE | Critical | Cellular firmware |
| CVE-2023-24033 | A-265822830 * | RCE | Critical | Modem |
| CVE-2023-26496 | A-274465028 * | RCE | Critical | Modem |
| CVE-2023-26497 | A-274464337 * | RCE | Critical | Modem |
| CVE-2023-26498 | A-274463883 * | RCE | Critical | Modem |
| CVE-2023-21041 | A-250123688 * | EoP | Critical | GSC |
| CVE-2022-42528 | A-242203672 * | ID | Critical | TF-A |
| CVE-2023-21054 | A-244556535 * | RCE | High | Modem |
| CVE-2023-21040 | A-238420277 * | EoP | High | Bluetooth |
| CVE-2023-21065 | A-239630493 * | EoP | High | libfdt |
| CVE-2023-21036 | A-264261868 * | ID | High | Markup |
| CVE-2023-21067 | A-254114726 * | ID | High | GPS |
| CVE-2022-42500 | A-239701389 * | EoP | Moderate | Telephony |
| CVE-2023-21038 | A-224000736 * | EoP | Moderate | Cs40l25 haptic driver |
| CVE-2023-21042 | A-239873326 * | EoP | Moderate | LWIS |
| CVE-2023-21043 | A-239872581 * | EoP | Moderate | LWIS |
| CVE-2023-21050 | A-244423702 * | EoP | Moderate | libexynosdisplay |
| CVE-2023-21051 | A-259323322 * | EoP | Moderate | exynos |
| CVE-2023-21052 | A-259063189 * | EoP | Moderate | libril_sitril |
| CVE-2023-21055 | A-244301523 * | EoP | Moderate | cpif |
| CVE-2023-21056 | A-245300559 * | EoP | Moderate | lwis |
| CVE-2023-21062 | A-243376770 * | EoP | Moderate | rild_exynos |
| CVE-2023-21063 | A-243129862 * | EoP | Moderate | rild_exynos |
| CVE-2023-21064 | A-243130078 * | EoP | Moderate | rild_exynos |
| CVE-2023-21068 | A-243433344 * | EoP | Moderate | Fastboot startup screen |
| CVE-2023-21069 | A-254029309 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21070 | A-254028776 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21071 | A-254028518 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21072 | A-257290781 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21073 | A-257290396 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21075 | A-261857862 * | EoP | Moderate | bcmdhd driver |
| CVE-2023-21076 | A-261857623 * | EoP | Moderate | bcmdhd driver |
| CVE-2023-21077 | A-257289560 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21078 | A-254840211 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21079 | A-254839721 * | EoP | Moderate | bcm4389 |
| CVE-2023-21039 | A-263783650 * | ID | Moderate | dumpstate |
| CVE-2023-21044 | A-253425086 * | ID | Moderate | libvendorgraphicbuffer |
| CVE-2023-21045 | A-259323725 * | ID | Moderate | CPIF |
| CVE-2023-21046 | A-253424924 * | ID | Moderate | Camera HAL |
| CVE-2023-21047 | A-256166866 * | ID | Moderate | Camera HAL |
| CVE-2023-21048 | A-259304053 * | ID | Moderate | WiFi |
| CVE-2023-21049 | A-236688120 * | ID | Moderate | Camera |
| CVE-2023-21053 | A-251805610 * | ID | Moderate | SMS |
| CVE-2023-21059 | A-247564044 * | ID | Moderate | Cellular firmware |
| CVE-2023-21060 | A-253770924 * | ID | Moderate | SMS |
| CVE-2023-21061 | A-229255400 * | DoS | Moderate | Wifi |

Qualcomm components

| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2022-25712 | A-235113793, QC-CR#3142221 [2] | Moderate | Camera |
| CVE-2022-33245 | A-245611633, QC-CR#2580147 | Moderate | WLAN |

Qualcomm closed-source components

| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2022-33260 | A-245612876 * | Moderate | Closed-source component |
| CVE-2022-40518 | A-261492744 * | Moderate | Closed-source component |
| CVE-2022-40519 | A-261492623 * | Moderate | Closed-source component |

Functional patches

For details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Security patch levels of 2023-03-01 or later address all issues associated with the 2023-03-01 security patch level and all previous patch levels. To learn how to check a device’s security patch level, read the instructions on the Google device update schedule.

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

| Abbreviation | Definition |
|---|---|
| RCE | Remote code execution |
| EoP | Elevation of privilege |
| ID | Information disclosure |
| DoS | Denial of service |
| N/A | Classification not available |

3. What do the entries in the References column mean?

Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

| Prefix | Reference |
|---|---|
| A- | Android bug ID |
| QC- | Qualcomm reference number |
| M- | MediaTek reference number |
| N- | NVIDIA reference number |
| B- | Broadcom reference number |
| U- | UNISOC reference number |

4. What does an * next to the Android bug ID in the References column mean?

Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?

Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin, are not required for declaring a security patch level.

Versions

| Version | Date | Notes |
|---|---|---|
| 1.0 | March 6, 2023 | Bulletin Published |
| 1.1 | March 20, 2023 | Updated Issue List |

Related news

Red Hat Security Advisory 2023-4290-01

Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

CVE-2023-21237: Pixel Update Bulletin—June 2023

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-251586912.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

CVE-2023-31227: May

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS

Google Pixel: Cropped or edited images can be recovered

A vulnerability in the Markup tool that comes pre-installed on Pixel phones allows anyone with access to the edited image to view parts of the original. The post Google Pixel: Cropped or edited images can be recovered appeared first on Malwarebytes Labs.

Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks

Users of affected devices that want to mitigate risk from the security issues in the Exynos chipsets can turn off Wi-Fi and Voice-over-LTE settings, researchers from Google's Project Zero say.

Hackers can hijack Samsung and Pixel phones by knowing phone number

By Deeba Ahmed. In addition to Google Pixel and Samsung devices, Vivo devices were also vulnerable to this attack. This is a post from HackRead.com.

Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles

We take a look at multiple vulnerabilities highlighted by Google's Project Zero team, and what you can do to ward off the threat of attack. The post Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles appeared first on Malwarebytes Labs.

Red Hat Security Advisory 2023-0804-01

Red Hat Security Advisory 2023-0804-01 - An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important.

RHSA-2023:0803: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...

RHSA-2023:0802: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...

Red Hat Security Advisory 2023-0632-01

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

RHSA-2023:0632: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal. * CVE-2022-41717: A flaw was f...

Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities -- tracked from CVE-2022-40516 through CVE-2022-40520 -- also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes. The list of

CVE-2022-40303: [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE (c8469863) · Commits · GNOME / libxml2 · GitLab

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Apple Security Advisory 2022-11-09-1

Apple Security Advisory 2022-11-09-1 - iOS 16.1.1 and iPadOS 16.1.1 addresses code execution and integer overflow vulnerabilities.

libxml2 xmlParseNameComplex Integer Overflow

libxml2 suffers from an integer overflow vulnerability in xmlParseNameComplex.

Debian Security Advisory 5271-1

Debian Linux Security Advisory 5271-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.
