CVE-2021-39810: Android 14 Security Release Notes
In NFC, there is a possible way to set up a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published October 4, 2023 | Updated October 26, 2023
These Android Security Release Notes contain details of security vulnerabilities affecting Android devices which are addressed as part of Android 14. Android 14 devices with a security patch level of 2023-10-01 or later are protected against these issues (Android 14, as released on AOSP, will have a default security patch level of 2023-10-01). To learn how to check a device’s security patch level, see Check and update your Android version.
Android partners are notified of all issues prior to publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository as part of the Android 14 release.
The severity assessment of issues in these release notes is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.
Announcements
- The issues described in this document are addressed as part of Android 14. This information is provided for reference and transparency.
- We would like to acknowledge and thank the security research community for their continued contributions towards securing the Android ecosystem.
Android and Google service mitigations
This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.
- Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
- The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.
Android 14 vulnerability details
The sections below provide details for security vulnerabilities fixed as part of Android 14. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, and severity.
Android runtime
| CVE | References | Type | Severity |
| --- | --- | --- | --- |
| CVE-2022-29824 | A-272276710 | EoP | High |
| CVE-2023-21309 | A-266432364 | ID | Moderate |
| CVE-2023-21366 | A-265440128 | ID | Moderate |
| CVE-2023-21367 | A-265499381 | ID | Moderate |
| CVE-2023-21372 | A-262741239 | EoP | Moderate |
| CVE-2023-40101 | A-267617531 | ID | Moderate |
Framework
| CVE | References | Type | Severity |
| --- | --- | --- | --- |
| CVE-2023-21342 | A-232799171 | EoP | High |
| CVE-2023-21343 | A-257953844 | EoP | High |
| CVE-2023-21351 | A-232798676 | EoP | High |
| CVE-2023-21398 | A-274592326 | EoP | High |
| CVE-2023-21362 | A-229633537 | DoS | High |
| CVE-2023-21364 | A-262595156 | DoS | High |
| CVE-2023-21365 | A-262594744 | DoS | High |
| CVE-2023-21298 | A-179699722 | EoP | Moderate |
| CVE-2023-21324 | A-197327805 | EoP | Moderate |
| CVE-2023-21328 | A-195963690 | EoP | Moderate |
| CVE-2023-21337 | A-179783499 | EoP | Moderate |
| CVE-2023-21338 | A-179783492 | EoP | Moderate |
| CVE-2023-21341 | A-190694761 | EoP | Moderate |
| CVE-2023-21374 | A-267313135 | EoP | Moderate |
| CVE-2023-21397 | A-245300607 | EoP | Moderate |
| CVE-2022-20264 | A-217561828 | ID | Moderate |
| CVE-2022-27404 | A-271684625 | ID | Moderate |
| CVE-2023-21293 | A-213903886 | ID | Moderate |
| CVE-2023-21294 | A-191678586 | ID | Moderate |
| CVE-2023-21295 | A-187957189 | ID | Moderate |
| CVE-2023-21296 | A-202386106 | ID | Moderate |
| CVE-2023-21299 | A-224533639 | ID | Moderate |
| CVE-2023-21300 | A-224015938 | ID | Moderate |
| CVE-2023-21301 | A-224976267 | ID | Moderate |
| CVE-2023-21302 | A-228450093 | ID | Moderate |
| CVE-2023-21303 | A-208257145 | ID | Moderate |
| CVE-2023-21304 | A-208257015 | ID | Moderate |
| CVE-2023-21305 | A-207671082 | ID | Moderate |
| CVE-2023-21306 | A-208258924 | ID | Moderate |
| CVE-2023-21316 | A-207133734 | ID | Moderate |
| CVE-2023-21317 | A-207670653 | ID | Moderate |
| CVE-2023-21318 | A-208258815 | ID | Moderate |
| CVE-2023-21319 | A-217740016 | ID | Moderate |
| CVE-2023-21320 | A-205707373 | ID | Moderate |
| CVE-2023-21321 | A-231160336 | ID | Moderate |
| CVE-2023-21323 | A-232796464 | ID | Moderate |
| CVE-2023-21326 | A-232415364 | ID | Moderate |
| CVE-2023-21327 | A-186404361 | ID | Moderate |
| CVE-2023-21329 | A-185126503 | ID | Moderate |
| CVE-2023-21330 | A-238299601 | ID | Moderate |
| CVE-2023-21331 | A-227208010 | ID | Moderate |
| CVE-2023-21332 | A-212287294 | ID | Moderate |
| CVE-2023-21333 | A-212287061 | ID | Moderate |
| CVE-2023-21334 | A-189944359 | ID | Moderate |
| CVE-2023-21336 | A-216823971 | ID | Moderate |
| CVE-2023-21344 | A-248250734 | ID | Moderate |
| CVE-2023-21346 | A-248250674 | ID | Moderate |
| CVE-2023-21348 | A-249058614 | ID | Moderate |
| CVE-2023-21349 | A-241233589 | ID | Moderate |
| CVE-2023-21354 | A-241233630 | ID | Moderate |
| CVE-2023-21377 | A-231587164 | ID | Moderate |
| CVE-2023-21382 | A-161370118 | ID | Moderate |
| CVE-2023-21387 | A-280296227 | ID | Moderate |
| CVE-2023-21339 | A-235353864 | DoS | Moderate |
| CVE-2023-21345 | A-249056757 | ID | Low |
| CVE-2023-45780 | A-215212215 | EoP | High |
Media Framework
| CVE | References | Type | Severity |
| --- | --- | --- | --- |
| CVE-2023-21381 | A-274883119 | EoP | High |
| CVE-2023-21355 | A-274815060 | EoP | Moderate |
System
| CVE | References | Type | Severity |
| --- | --- | --- | --- |
| CVE-2021-39810 | A-212610736 | EoP | High |
| CVE-2023-21313 | A-268341970 | EoP | High |
| CVE-2023-21358 | A-274447627 | EoP | High |
| CVE-2023-21361 | A-277249213 | EoP | High |
| CVE-2023-21392 | A-281346084 | EoP | High |
| CVE-2023-21312 | A-277915880 | ID | High |
| CVE-2023-21315 | A-277578150 | ID | High |
| CVE-2023-21394 | A-273502295 | ID | High |
| CVE-2023-21356 | A-276975913 | RCE | Moderate |
| CVE-2023-21310 | A-274722163 | EoP | Moderate |
| CVE-2023-21360 | A-242994452 | EoP | Moderate |
| CVE-2023-21370 | A-263948587 | EoP | Moderate |
| CVE-2023-21371 | A-263948508 | EoP | Moderate |
| CVE-2023-21373 | A-277073811 | EoP | Moderate |
| CVE-2023-21375 | A-261071553 | EoP | Moderate |
| CVE-2023-21376 | A-212694314 | EoP | Moderate |
| CVE-2023-21378 | A-257953390 | EoP | Moderate |
| CVE-2023-21380 | A-274722185 | EoP | Moderate |
| CVE-2023-21388 | A-269122009 | EoP | Moderate |
| CVE-2023-21389 | A-278559731 | EoP | Moderate |
| CVE-2023-21390 | A-271849181 | EoP | Moderate |
| CVE-2023-21393 | A-262242946 | EoP | Moderate |
| CVE-2023-21396 | A-232258773 | EoP | Moderate |
| CVE-2022-20531 | A-231988638 | ID | Moderate |
| CVE-2023-21308 | A-252764300 | ID | Moderate |
| CVE-2023-21314 | A-266433017 | ID | Moderate |
| CVE-2023-21325 | A-230755151 | ID | Moderate |
| CVE-2023-21335 | A-232938844 | ID | Moderate |
| CVE-2023-21340 | A-236813210 | ID | Moderate |
| CVE-2023-21347 | A-242171908 | ID | Moderate |
| CVE-2023-21350 | A-243792935 | ID | Moderate |
| CVE-2023-21352 | A-244155256 | ID | Moderate |
| CVE-2023-21353 | A-244155333 | ID | Moderate |
| CVE-2023-21357 | A-252996038 | ID | Moderate |
| CVE-2023-21359 | A-260726311 | ID | Moderate |
| CVE-2023-21368 | A-277288588 | ID | Moderate |
| CVE-2023-21379 | A-264921486 | ID | Moderate |
| CVE-2023-21383 | A-233607547 | ID | Moderate |
| CVE-2023-21384 | A-256590334 | ID | Moderate |
| CVE-2023-21385 | A-271458258 | ID | Moderate |
| CVE-2023-21395 | A-259939435 | ID | Moderate |
| CVE-2023-21311 | A-237289258 | DoS | Moderate |
| CVE-2023-21369 | A-264260808 | DoS | Moderate |
| CVE-2023-21391 | A-278556945 | DoS | Moderate |
| CVE-2023-21386 | A-275552292 | ID | Moderate |
| CVE-2023-21297 | A-230733237 | ID | Moderate |
| CVE-2023-21307 | A-192475649 | ID | High |
Common questions and answers
This section answers common questions that may occur after reading this bulletin.
1. How do I determine if my device is updated to address these issues?
To learn how to check a device’s security patch level, see Check and update your Android version.
Android 14, as released on AOSP, has a default security patch level of 2023-10-01. Android devices running Android 14 and with a security patch level of 2023-10-01 or later address all issues contained in these security release notes.
2. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
| Abbreviation | Definition |
| --- | --- |
| RCE | Remote code execution |
| EoP | Elevation of privilege |
| ID | Information disclosure |
| DoS | Denial of service |
| N/A | Classification not available |
3. What do the entries in the References column mean?
Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
| Prefix | Reference |
| --- | --- |
| A- | Android bug ID |
Versions
| Version | Date | Notes |
| --- | --- | --- |
| 1.0 | October 4, 2023 | Bulletin Published |
| 1.1 | October 26, 2023 | Updated Issue List |