CVE-2021-39810: Android 14 Security Release Notes

In NFC, there is a possible way to set up a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published October 4, 2023 | Updated October 26, 2023

These Android Security Release Notes contain details of security vulnerabilities affecting Android devices that are addressed as part of Android 14. Android 14 devices with a security patch level of 2023-10-01 or later are protected against these issues (Android 14, as released on AOSP, will have a default security patch level of 2023-10-01). To learn how to check a device’s security patch level, see Check and update your Android version.

Android partners are notified of all issues prior to publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository as part of the Android 14 release.

The severity assessment of issues in these release notes is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

Announcements

  • The issues described in this document are addressed as part of Android 14. This information is provided for reference and transparency.
  • We would like to acknowledge and thank the security research community for their continued contributions towards securing the Android ecosystem.

Android and Google service mitigations

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

  • Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
  • The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

Android 14 vulnerability details

The sections below provide details for security vulnerabilities fixed as part of Android 14. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, and severity.

Android runtime

CVE | References | Type | Severity
CVE-2022-29824 | A-272276710 | EoP | High
CVE-2023-21309 | A-266432364 | ID | Moderate
CVE-2023-21366 | A-265440128 | ID | Moderate
CVE-2023-21367 | A-265499381 | ID | Moderate
CVE-2023-21372 | A-262741239 | EoP | Moderate
CVE-2023-40101 | A-267617531 | ID | Moderate

Framework

CVE | References | Type | Severity
CVE-2023-21342 | A-232799171 | EoP | High
CVE-2023-21343 | A-257953844 | EoP | High
CVE-2023-21351 | A-232798676 | EoP | High
CVE-2023-21398 | A-274592326 | EoP | High
CVE-2023-21362 | A-229633537 | DoS | High
CVE-2023-21364 | A-262595156 | DoS | High
CVE-2023-21365 | A-262594744 | DoS | High
CVE-2023-21298 | A-179699722 | EoP | Moderate
CVE-2023-21324 | A-197327805 | EoP | Moderate
CVE-2023-21328 | A-195963690 | EoP | Moderate
CVE-2023-21337 | A-179783499 | EoP | Moderate
CVE-2023-21338 | A-179783492 | EoP | Moderate
CVE-2023-21341 | A-190694761 | EoP | Moderate
CVE-2023-21374 | A-267313135 | EoP | Moderate
CVE-2023-21397 | A-245300607 | EoP | Moderate
CVE-2022-20264 | A-217561828 | ID | Moderate
CVE-2022-27404 | A-271684625 | ID | Moderate
CVE-2023-21293 | A-213903886 | ID | Moderate
CVE-2023-21294 | A-191678586 | ID | Moderate
CVE-2023-21295 | A-187957189 | ID | Moderate
CVE-2023-21296 | A-202386106 | ID | Moderate
CVE-2023-21299 | A-224533639 | ID | Moderate
CVE-2023-21300 | A-224015938 | ID | Moderate
CVE-2023-21301 | A-224976267 | ID | Moderate
CVE-2023-21302 | A-228450093 | ID | Moderate
CVE-2023-21303 | A-208257145 | ID | Moderate
CVE-2023-21304 | A-208257015 | ID | Moderate
CVE-2023-21305 | A-207671082 | ID | Moderate
CVE-2023-21306 | A-208258924 | ID | Moderate
CVE-2023-21316 | A-207133734 | ID | Moderate
CVE-2023-21317 | A-207670653 | ID | Moderate
CVE-2023-21318 | A-208258815 | ID | Moderate
CVE-2023-21319 | A-217740016 | ID | Moderate
CVE-2023-21320 | A-205707373 | ID | Moderate
CVE-2023-21321 | A-231160336 | ID | Moderate
CVE-2023-21323 | A-232796464 | ID | Moderate
CVE-2023-21326 | A-232415364 | ID | Moderate
CVE-2023-21327 | A-186404361 | ID | Moderate
CVE-2023-21329 | A-185126503 | ID | Moderate
CVE-2023-21330 | A-238299601 | ID | Moderate
CVE-2023-21331 | A-227208010 | ID | Moderate
CVE-2023-21332 | A-212287294 | ID | Moderate
CVE-2023-21333 | A-212287061 | ID | Moderate
CVE-2023-21334 | A-189944359 | ID | Moderate
CVE-2023-21336 | A-216823971 | ID | Moderate
CVE-2023-21344 | A-248250734 | ID | Moderate
CVE-2023-21346 | A-248250674 | ID | Moderate
CVE-2023-21348 | A-249058614 | ID | Moderate
CVE-2023-21349 | A-241233589 | ID | Moderate
CVE-2023-21354 | A-241233630 | ID | Moderate
CVE-2023-21377 | A-231587164 | ID | Moderate
CVE-2023-21382 | A-161370118 | ID | Moderate
CVE-2023-21387 | A-280296227 | ID | Moderate
CVE-2023-21339 | A-235353864 | DoS | Moderate
CVE-2023-21345 | A-249056757 | ID | Low
CVE-2023-45780 | A-215212215 | EoP | High

Media Framework

CVE | References | Type | Severity
CVE-2023-21381 | A-274883119 | EoP | High
CVE-2023-21355 | A-274815060 | EoP | Moderate

System

CVE | References | Type | Severity
CVE-2021-39810 | A-212610736 | EoP | High
CVE-2023-21313 | A-268341970 | EoP | High
CVE-2023-21358 | A-274447627 | EoP | High
CVE-2023-21361 | A-277249213 | EoP | High
CVE-2023-21392 | A-281346084 | EoP | High
CVE-2023-21312 | A-277915880 | ID | High
CVE-2023-21315 | A-277578150 | ID | High
CVE-2023-21394 | A-273502295 | ID | High
CVE-2023-21356 | A-276975913 | RCE | Moderate
CVE-2023-21310 | A-274722163 | EoP | Moderate
CVE-2023-21360 | A-242994452 | EoP | Moderate
CVE-2023-21370 | A-263948587 | EoP | Moderate
CVE-2023-21371 | A-263948508 | EoP | Moderate
CVE-2023-21373 | A-277073811 | EoP | Moderate
CVE-2023-21375 | A-261071553 | EoP | Moderate
CVE-2023-21376 | A-212694314 | EoP | Moderate
CVE-2023-21378 | A-257953390 | EoP | Moderate
CVE-2023-21380 | A-274722185 | EoP | Moderate
CVE-2023-21388 | A-269122009 | EoP | Moderate
CVE-2023-21389 | A-278559731 | EoP | Moderate
CVE-2023-21390 | A-271849181 | EoP | Moderate
CVE-2023-21393 | A-262242946 | EoP | Moderate
CVE-2023-21396 | A-232258773 | EoP | Moderate
CVE-2022-20531 | A-231988638 | ID | Moderate
CVE-2023-21308 | A-252764300 | ID | Moderate
CVE-2023-21314 | A-266433017 | ID | Moderate
CVE-2023-21325 | A-230755151 | ID | Moderate
CVE-2023-21335 | A-232938844 | ID | Moderate
CVE-2023-21340 | A-236813210 | ID | Moderate
CVE-2023-21347 | A-242171908 | ID | Moderate
CVE-2023-21350 | A-243792935 | ID | Moderate
CVE-2023-21352 | A-244155256 | ID | Moderate
CVE-2023-21353 | A-244155333 | ID | Moderate
CVE-2023-21357 | A-252996038 | ID | Moderate
CVE-2023-21359 | A-260726311 | ID | Moderate
CVE-2023-21368 | A-277288588 | ID | Moderate
CVE-2023-21379 | A-264921486 | ID | Moderate
CVE-2023-21383 | A-233607547 | ID | Moderate
CVE-2023-21384 | A-256590334 | ID | Moderate
CVE-2023-21385 | A-271458258 | ID | Moderate
CVE-2023-21395 | A-259939435 | ID | Moderate
CVE-2023-21311 | A-237289258 | DoS | Moderate
CVE-2023-21369 | A-264260808 | DoS | Moderate
CVE-2023-21391 | A-278556945 | DoS | Moderate
CVE-2023-21386 | A-275552292 | ID | Moderate
CVE-2023-21297 | A-230733237 | ID | Moderate
CVE-2023-21307 | A-192475649 | ID | High

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

To learn how to check a device’s security patch level, see Check and update your Android version.

Android 14, as released on AOSP, has a default security patch level of 2023-10-01. Android devices running Android 14 and with a security patch level of 2023-10-01 or later address all issues contained in these security release notes.

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation | Definition
RCE | Remote code execution
EoP | Elevation of privilege
ID | Information disclosure
DoS | Denial of service
N/A | Classification not available

3. What do the entries in the References column mean?

Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

Prefix | Reference
A- | Android bug ID

Versions

Version | Date | Notes
1.0 | October 4, 2023 | Bulletin Published
1.1 | October 26, 2023 | Updated Issue List
