CVE-2023-21079: Pixel Update Bulletin—March 2023
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-254839721
References: N/A
Published March 6, 2023 | Updated March 20, 2023
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2023-03-01 or later address all issues in this bulletin and all issues in the March 2023 Android Security Bulletin. To learn how to check a device’s security patch level, see Check and update your Android version.
All supported Google devices will receive an update to the 2023-03-01 patch level. We encourage all customers to accept these updates to their devices.
Announcements
- In addition to the security vulnerabilities described in the March 2023 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below.
Security patches
Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
Framework
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2023-21000 | A-194783918 | RCE | Moderate | 13 |
| CVE-2022-20532 | A-232242894 | EoP | Moderate | 13 |
| CVE-2022-20542 | A-238083570 | EoP | Moderate | 13 |
| CVE-2023-20971 | A-225880325 | EoP | Moderate | 13 |
| CVE-2023-21017 | A-236687884 | EoP | Moderate | 13 |
| CVE-2023-21028 | A-180680572 | ID | Moderate | 13 |
| CVE-2023-21029 | A-217934898 | ID | Moderate | 13 |
| CVE-2023-21031 | A-242688355 | ID | Moderate | 13 |
| CVE-2023-20996 | A-246749764 | DoS | Moderate | 13 |
| CVE-2023-20997 | A-246749702 | DoS | Moderate | 13 |
| CVE-2023-20998 | A-246749936 | DoS | Moderate | 13 |
| CVE-2023-20999 | A-246750467 | DoS | Moderate | 13 |
| CVE-2023-21026 | A-254681548 | DoS | Moderate | 13 |
System
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2023-20975 | A-250573776 | EoP | Moderate | 13 |
| CVE-2023-20976 | A-216117246 | EoP | Moderate | 13 |
| CVE-2023-20985 | A-245915315 | EoP | Moderate | 13 |
| CVE-2023-20994 | A-259062118 | EoP | Moderate | 13 |
| CVE-2023-20995 | A-241910279 | EoP | Moderate | 13 |
| CVE-2023-21001 | A-237672190 | EoP | Moderate | 13 |
| CVE-2023-21002 | A-261193935 | EoP | Moderate | 13 |
| CVE-2023-21003 | A-261193711 | EoP | Moderate | 13 |
| CVE-2023-21004 | A-261193664 | EoP | Moderate | 13 |
| CVE-2023-21005 | A-261193946 | EoP | Moderate | 13 |
| CVE-2023-21015 | A-244569778 | EoP | Moderate | 13 |
| CVE-2023-21018 | A-233338564 | EoP | Moderate | 13 |
| CVE-2023-21020 | A-256591441 | EoP | Moderate | 13 |
| CVE-2023-21021 | A-255537598 | EoP | Moderate | 13 |
| CVE-2023-21022 | A-236098131 | EoP | Moderate | 13 |
| CVE-2023-21024 | A-246543238 | EoP | Moderate | 13 |
| CVE-2023-21030 | A-226234140 | EoP | Moderate | 13 |
| CVE-2023-21034 | A-230358834 | EoP | Moderate | 13 |
| CVE-2023-21035 | A-184847040 | EoP | Moderate | 13 |
| CVE-2022-40303 | A-260709824 | ID | Moderate | 13 |
| CVE-2023-20968 | A-262235935 | ID | Moderate | 13 |
| CVE-2023-20969 | A-262236313 | ID | Moderate | 13 |
| CVE-2023-20970 | A-262236005 | ID | Moderate | 13 |
| CVE-2023-20972 | A-255304665 | ID | Moderate | 13 |
| CVE-2023-20973 | A-260568245 | ID | Moderate | 13 |
| CVE-2023-20974 | A-260078907 [2] | ID | Moderate | 13 |
| CVE-2023-20977 | A-254445952 | ID | Moderate | 13 |
| CVE-2023-20979 | A-259939364 | ID | Moderate | 13 |
| CVE-2023-20980 | A-260230274 | ID | Moderate | 13 |
| CVE-2023-20981 | A-256165737 | ID | Moderate | 13 |
| CVE-2023-20982 | A-260568083 | ID | Moderate | 13 |
| CVE-2023-20983 | A-260569449 | ID | Moderate | 13 |
| CVE-2023-20984 | A-242993878 | ID | Moderate | 13 |
| CVE-2023-20986 | A-255304475 [2] [3] | ID | Moderate | 13 |
| CVE-2023-20987 | A-260569414 | ID | Moderate | 13 |
| CVE-2023-20988 | A-260569232 | ID | Moderate | 13 |
| CVE-2023-20989 | A-260568367 | ID | Moderate | 13 |
| CVE-2023-20990 | A-260568354 | ID | Moderate | 13 |
| CVE-2023-20991 | A-255305114 | ID | Moderate | 13 |
| CVE-2023-20992 | A-260568750 | ID | Moderate | 13 |
| CVE-2023-21006 | A-257030027 | ID | Moderate | 13 |
| CVE-2023-21007 | A-257029965 | ID | Moderate | 13 |
| CVE-2023-21008 | A-257030100 | ID | Moderate | 13 |
| CVE-2023-21009 | A-257029925 | ID | Moderate | 13 |
| CVE-2023-21010 | A-257029915 | ID | Moderate | 13 |
| CVE-2023-21011 | A-257029912 | ID | Moderate | 13 |
| CVE-2023-21012 | A-257029812 | ID | Moderate | 13 |
| CVE-2023-21013 | A-256818945 | ID | Moderate | 13 |
| CVE-2023-21014 | A-257029326 | ID | Moderate | 13 |
| CVE-2023-21019 | A-242379731 | ID | Moderate | 13 |
| CVE-2023-21025 | A-254929746 | ID | Moderate | 13 |
| CVE-2023-21027 | A-216854451 | ID | Moderate | 13 |
| CVE-2023-21032 | A-248085351 | ID | Moderate | 13 |
| CVE-2023-21016 | A-213905884 | DoS | Moderate | 13 |
| CVE-2023-21033 | A-244713323 | DoS | Moderate | 13 |
Pixel
| CVE | References | Type | Severity | Subcomponent |
|---|---|---|---|---|
| CVE-2022-42498 | A-240662453 * | RCE | Critical | Cellular firmware |
| CVE-2022-42499 | A-242001391 * | RCE | Critical | modem |
| CVE-2023-21057 | A-244450646 * | RCE | Critical | Cellular firmware |
| CVE-2023-21058 | A-246169606 * | RCE | Critical | Cellular firmware |
| CVE-2023-24033 | A-265822830 * | RCE | Critical | Modem |
| CVE-2023-26496 | A-274465028 * | RCE | Critical | Modem |
| CVE-2023-26497 | A-274464337 * | RCE | Critical | Modem |
| CVE-2023-26498 | A-274463883 * | RCE | Critical | Modem |
| CVE-2023-21041 | A-250123688 * | EoP | Critical | GSC |
| CVE-2022-42528 | A-242203672 * | ID | Critical | TF-A |
| CVE-2023-21054 | A-244556535 * | RCE | High | Modem |
| CVE-2023-21040 | A-238420277 * | EoP | High | Bluetooth |
| CVE-2023-21065 | A-239630493 * | EoP | High | libfdt |
| CVE-2023-21036 | A-264261868 * | ID | High | Markup |
| CVE-2023-21067 | A-254114726 * | ID | High | GPS |
| CVE-2022-42500 | A-239701389 * | EoP | Moderate | Telephony |
| CVE-2023-21038 | A-224000736 * | EoP | Moderate | Cs40l25 haptic driver |
| CVE-2023-21042 | A-239873326 * | EoP | Moderate | LWIS |
| CVE-2023-21043 | A-239872581 * | EoP | Moderate | LWIS |
| CVE-2023-21050 | A-244423702 * | EoP | Moderate | libexynosdisplay |
| CVE-2023-21051 | A-259323322 * | EoP | Moderate | exynos |
| CVE-2023-21052 | A-259063189 * | EoP | Moderate | libril_sitril |
| CVE-2023-21055 | A-244301523 * | EoP | Moderate | cpif |
| CVE-2023-21056 | A-245300559 * | EoP | Moderate | lwis |
| CVE-2023-21062 | A-243376770 * | EoP | Moderate | rild_exynos |
| CVE-2023-21063 | A-243129862 * | EoP | Moderate | rild_exynos |
| CVE-2023-21064 | A-243130078 * | EoP | Moderate | rild_exynos |
| CVE-2023-21068 | A-243433344 * | EoP | Moderate | Fastboot startup screen |
| CVE-2023-21069 | A-254029309 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21070 | A-254028776 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21071 | A-254028518 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21072 | A-257290781 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21073 | A-257290396 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21075 | A-261857862 * | EoP | Moderate | bcmdhd driver |
| CVE-2023-21076 | A-261857623 * | EoP | Moderate | bcmdhd driver |
| CVE-2023-21077 | A-257289560 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21078 | A-254840211 * | EoP | Moderate | bcm4389 driver |
| CVE-2023-21079 | A-254839721 * | EoP | Moderate | bcm4389 |
| CVE-2023-21039 | A-263783650 * | ID | Moderate | dumpstate |
| CVE-2023-21044 | A-253425086 * | ID | Moderate | libvendorgraphicbuffer |
| CVE-2023-21045 | A-259323725 * | ID | Moderate | CPIF |
| CVE-2023-21046 | A-253424924 * | ID | Moderate | Camera HAL |
| CVE-2023-21047 | A-256166866 * | ID | Moderate | Camera HAL |
| CVE-2023-21048 | A-259304053 * | ID | Moderate | WiFi |
| CVE-2023-21049 | A-236688120 * | ID | Moderate | Camera |
| CVE-2023-21053 | A-251805610 * | ID | Moderate | SMS |
| CVE-2023-21059 | A-247564044 * | ID | Moderate | Cellular firmware |
| CVE-2023-21060 | A-253770924 * | ID | Moderate | SMS |
| CVE-2023-21061 | A-229255400 * | DoS | Moderate | Wifi |
Qualcomm components
| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2022-25712 | A-235113793, QC-CR#3142221 [2] | Moderate | Camera |
| CVE-2022-33245 | A-245611633, QC-CR#2580147 | Moderate | WLAN |
Qualcomm closed-source components
| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2022-33260 | A-245612876 * | Moderate | Closed-source component |
| CVE-2022-40518 | A-261492744 * | Moderate | Closed-source component |
| CVE-2022-40519 | A-261492623 * | Moderate | Closed-source component |
Functional patches
For details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.
Common questions and answers
This section answers common questions that may occur after reading this bulletin.
1. How do I determine if my device is updated to address these issues?
Security patch levels of 2023-03-01 or later address all issues associated with the 2023-03-01 security patch level and all previous patch levels. To learn how to check a device’s security patch level, read the instructions on the Google device update schedule.
2. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
| Abbreviation | Definition |
|---|---|
| RCE | Remote code execution |
| EoP | Elevation of privilege |
| ID | Information disclosure |
| DoS | Denial of service |
| N/A | Classification not available |
3. What do the entries in the References column mean?
Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
| Prefix | Reference |
|---|---|
| A- | Android bug ID |
| QC- | Qualcomm reference number |
| M- | MediaTek reference number |
| N- | NVIDIA reference number |
| B- | Broadcom reference number |
| U- | UNISOC reference number |
4. What does an * next to the Android bug ID in the References column mean?
Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?
Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin, are not required for declaring a security patch level.
Versions
| Version | Date | Notes |
|---|---|---|
| 1.0 | March 6, 2023 | Bulletin Published |
| 1.1 | March 20, 2023 | Updated Issue List |