Siemens SIMATIC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Missing Encryption of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Expected Behavior Violation, Improper Authentication, Out-of-bounds Write, Use After Free, Inadequate Encryption Strength, Use of Insufficiently Random Values, Incorrect Authorization, Improper Locking, Improper Restriction of Rendered UI Layers or Frames, Improper Privilege Management, Missing Authorization, Cleartext Storage of Sensitive Information, Improper Check for Unusual or Exceptional Conditions, Improper Certificate Validation, Double Free, Integer Overflow or Wraparound, Out-of-bounds Read, Improper Initialization, Race Condition, Use of Uninitialized Resource, Improper Handling of Exceptional Conditions, Missing Initialization of Resource, Exposure of Resource to Wrong Sphere, Externally Controlled Reference to a Resource in Another Sphere, Injection, Excessive Iteration, Improper Preservation of Permissions, Improper Encoding or Escaping of Output, Incorrect Conversion between Numeric Types, Deserialization of Untrusted Data, Classic Buffer Overflow, Initialization of a Resource with an Insecure Default, Infinite Loop, Integer Underflow
2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of a privileged process.
3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following SIMATIC mobile RFID reader products are affected: SIMATIC RF160B (6GT2003-0FA00): versions prior to V2.2 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119 An attacker could cause a crash or potentially execute arbitrary code by sending specially crafted DNS responses to the DNSmasq process. In order to exploit this vulnerability, an attacker must be able to trigger DNS requests from the device and must be in a privileged position to inject malicious DNS responses. CVE-2017-14491 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 IMPROPER INPUT VALIDATION CWE-20 An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. CVE-2017-18509 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.3 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-9 Android ID: A-123700107 CVE-2020-0338 has been assigned to this vulnerability. A CVSS v3 base score of 5.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). 3.2.4 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-8.1, Android-9 Android ID: A-154319182 CVE-2020-0417 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.5 EXPECTED BEHAVIOR VIOLATION CWE-440 A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being ‘force disabled’ when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. CVE-2020-10768 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.6 IMPROPER AUTHENTICATION CWE-287 Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking CVE-2020-11301 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.7 OUT-OF-BOUNDS WRITE CWE-787 An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-14305 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.8 USE AFTER FREE CWE-416 A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-14381 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.9 USE AFTER FREE CWE-416 Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. CVE-2020-15436 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.10 INADEQUATE ENCRYPTION STRENGTH CWE-326 The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. CVE-2020-24587 has been assigned to this vulnerability. A CVSS v3 base score of 2.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). 3.2.11 USE OF INSUFFICIENTLY RANDOM VALUES CWE-330 A flaw in ICMP packets in the Linux kernel was found to allow to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. CVE-2020-25705 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). 3.2.12 INCORRECT AUTHORIZATION CWE-863 Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. CVE-2020-26555 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). 3.2.13 IMPROPER AUTHENTICATION CWE-287 Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. CVE-2020-26558 has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). 3.2.14 IMPROPER LOCKING CWE-667 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. CVE-2020-29660 has been assigned to this vulnerability. A CVSS v3 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 3.2.15 IMPROPER LOCKING CWE-667 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. CVE-2020-29661 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.16 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android-10Android ID: A-155287782 CVE-2021-0302 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.17 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10 Android ID: A-154015447 CVE-2021-0305 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.18 OUT-OF-BOUNDS WRITE CWE-787 In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-174238784 CVE-2021-0325 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.19 OUT-OF-BOUNDS WRITE CWE-787 In p2p_copy_client_info of p2p.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi direct search, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-172937525 CVE-2021-0326 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.20 IMPROPER PRIVILEGE MANAGEMENT CWE-269 In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-172935267 CVE-2021-0327 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.21 MISSING AUTHORIZATION CWE-862 In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-172670415 CVE-2021-0328 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.22 OUT-OF-BOUNDS WRITE CWE-787 In several native functions called by AdvertiseManager.java, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-171400004 CVE-2021-0329 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.23 USE AFTER FREE CWE-416 In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-170732441 CVE-2021-0330 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.24 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-170731783 CVE-2021-0331 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.2.25 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-168504491 CVE-2021-0333 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.2.26 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-163358811 CVE-2021-0334 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.27 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-158219161 CVE-2021-0336 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.28 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312 In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-157474195 CVE-2021-0337 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.29 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754 In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-8.1, Android-9 Android ID: A-145728687 CVE-2021-0339 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.30 IMPROPER CERTIFICATE VALIDATION CWE-295 In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-171980069 CVE-2021-0341 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.31 MISSING AUTHORIZATION CWE-862 In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174749461 CVE-2021-0390 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.32 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-172841550 CVE-2021-0391 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.33 DOUBLE FREE CWE-415 In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-175124730 CVE-2021-0392 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.34 INTEGER OVERFLOW OR WRAPAROUND CWE-190 In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-168041375 CVE-2021-0393 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.35 OUT-OF-BOUNDS READ CWE-125 In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-172655291 CVE-2021-0394 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.36 OUT-OF-BOUNDS WRITE CWE-787 In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-160610106 CVE-2021-0396 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.37 DOUBLE FREE CWE-415 In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174052148 CVE-2021-0397 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.38 USE AFTER FREE CWE-416 In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-176919394References: Upstream kernel CVE-2021-0399 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.39 IMPROPER INPUT VALIDATION CWE-20 In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-177561690 CVE-2021-0400 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). 3.2.40 USE AFTER FREE CWE-416 In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-175074139 CVE-2021-0429 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.41 OUT-OF-BOUNDS READ CWE-125 In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174149901 CVE-2021-0431 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.42 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-171221090 CVE-2021-0433 has been assigned to this vulnerability. A CVSS v3 base score of 8.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.43 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In onReceive of BluetoothPermissionRequest.java, a phishing attack is possible allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-167403112 CVE-2021-0434 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.2.44 IMPROPER INITIALIZATION CWE-665 In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174150451 CVE-2021-0435 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.45 INTEGER OVERFLOW OR WRAPAROUND CWE-190 In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out-of-bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176496160 CVE-2021-0436 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.46 DOUBLE FREE CWE-415 In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-176168330 CVE-2021-0437 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.47 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10 Android ID: A-152064592 CVE-2021-0438 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.48 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-170474245 CVE-2021-0443 has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.49 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-178825358 CVE-2021-0444 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.50 INTEGER OVERFLOW OR WRAPAROUND CWE-190 In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out-of-bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444786 CVE-2021-0471 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.51 USE OF UNINITIALIZED RESOURCE CWE-908 In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179687208 CVE-2021-0473 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.52 OUT-OF-BOUNDS WRITE CWE-787 In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-177611958 CVE-2021-0474 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.53 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-169252501 CVE-2021-0476 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.54 IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS CWE-755 In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-169255797 CVE-2021-0478 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.55 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-174493336 CVE-2021-0480 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.56 IMPROPER INPUT VALIDATION CWE-20 In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-172939189 CVE-2021-0481 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.57 MISSING INITIALIZATION OF RESOURCE CWE-909 In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-173720767 CVE-2021-0484 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.58 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-181962311 CVE-2021-0506 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.2.59 OUT-OF-BOUNDS WRITE CWE-787 In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181860042 CVE-2021-0507 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.60 USE AFTER FREE CWE-416 In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176444154 CVE-2021-0508 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.61 USE AFTER FREE CWE-416 In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444161 CVE-2021-0509 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.62 INTEGER OVERFLOW OR WRAPAROUND CWE-190 In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444622 CVE-2021-0510 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.63 IMPROPER INPUT VALIDATION CWE-20 In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-178055795 CVE-2021-0511 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.64 OUT-OF-BOUNDS WRITE CWE-787 In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-173843328References: Upstream kernel CVE-2021-0512 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.65 MISSING AUTHORIZATION CWE-862 In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-156090809 CVE-2021-0513 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.66 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-9, Android-11, Android-8.1 Android ID: A-162604069 CVE-2021-0514 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.67 OUT-OF-BOUNDS WRITE CWE-787 In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-167389063 CVE-2021-0515 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.68 USE AFTER FREE CWE-416 In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out-of-bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181660448 CVE-2021-0516 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.69 OUT-OF-BOUNDS WRITE CWE-787 In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-176533109 CVE-2021-0519 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.70 USE AFTER FREE CWE-416 In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-10 Android ID: A-176237595 CVE-2021-0520 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.71 MISSING AUTHORIZATION CWE-862 In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174661955 CVE-2021-0521 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.72 USE AFTER FREE CWE-416 In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out-of-bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-174182139 CVE-2021-0522 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.73 OUT-OF-BOUNDS READ CWE-125 In verifyBufferObject of Parcel.cpp, there is a possible out-of-bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-179289794 CVE-2021-0584 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.74 OUT-OF-BOUNDS WRITE CWE-787 In beginWrite and beginRead of MessageQueueBase.h, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-184963385 CVE-2021-0585 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.75 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-182584940 CVE-2021-0586 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.76 USE AFTER FREE CWE-416 In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out-of-bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185259758 CVE-2021-0587 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.77 EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668 In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-177238342 CVE-2021-0588 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.78 OUT-OF-BOUNDS WRITE CWE-787 In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-180939982 CVE-2021-0589 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.79 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179386960 CVE-2021-0591 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.2.80 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-179386068 CVE-2021-0593 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.81 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (‘INJECTION’) CWE-74 In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-176445224 CVE-2021-0594 has been assigned to this vulnerability. A CVSS v3 base score of 8.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.82 OUT-OF-BOUNDS READ CWE-125 In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181346550 CVE-2021-0596 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.83 MISSING AUTHORIZATION CWE-862 In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176496502 CVE-2021-0597 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.84 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-180422108 CVE-2021-0598 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.2.85 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-175614289 CVE-2021-0599 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.86 IMPROPER INPUT VALIDATION CWE-20 In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-179042963 CVE-2021-0600 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.87 DOUBLE FREE CWE-415 In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out-of-bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-180643802 CVE-2021-0601 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.88 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179910660 CVE-2021-0604 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.89 OUT-OF-BOUNDS WRITE CWE-787 In noteAtomLogged of StatsdStats.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-187957589 CVE-2021-0640 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.90 MISSING AUTHORIZATION CWE-862 In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185235454 CVE-2021-0641 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.91 MISSING AUTHORIZATION CWE-862 In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-185126149 CVE-2021-0642 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.92 OUT-OF-BOUNDS WRITE CWE-787 In sqlite3_str_vappendf of sqlite3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process’s SQL with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-153352319 CVE-2021-0646 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.93 OUT-OF-BOUNDS READ CWE-125 In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-190286685 CVE-2021-0650 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.94 IMPROPER INPUT VALIDATION CWE-20 In loadLabel of PackageItemInfo.java, there is a possible way to cause a denial of service in a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-67013844 CVE-2021-0651 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). 3.2.95 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing objects that are not thread-safe. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185178568 CVE-2021-0652 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.96 MISSING AUTHORIZATION CWE-862 In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-177931370 CVE-2021-0653 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.97 MISSING AUTHORIZATION CWE-862 In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-159624555 CVE-2021-0682 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.98 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In runTraceIpcStop of ActivityManagerShellCommand.java, deletion of system files is possible due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-185398942 CVE-2021-0683 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.99 USE AFTER FREE CWE-416 In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out-of-bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-179839665 CVE-2021-0684 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.100 EXCESSIVE ITERATION CWE-834 In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-188913943 CVE-2021-0687 has been assigned to this vulnerability. A CVSS v3 base score of 5.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). 3.2.101 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-161149543 CVE-2021-0688 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.102 OUT-OF-BOUNDS READ CWE-125 In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-190188264 CVE-2021-0689 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.103 OUT-OF-BOUNDS WRITE CWE-787 In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out-of-bounds write due to heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-182152757 CVE-2021-0690 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.104 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-179289753 CVE-2021-0692 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.105 USE AFTER FREE CWE-416 In get_sock_stat of xt_qtaguid.c, there is a possible out-of-bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-184018316References: Upstream kernel CVE-2021-0695 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.106 IMPROPER PRESERVATION OF PERMISSIONS CWE-281 In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-179338675 CVE-2021-0704 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.107 MISSING AUTHORIZATION CWE-862 In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android Versions: Android-10 Android-11Android ID: A-193444889 CVE-2021-0706 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.108 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 In runDumpHeap of ActivityManagerShellCommand.java, deletion of system files is possible due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-183262161 CVE-2021-0708 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.109 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In RW_SetActivatedTagType of rw_main.cc, memory corruption is possible due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-192472262 CVE-2021-0870 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.110 INTEGER OVERFLOW OR WRAPAROUND CWE-190 In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-197336441 CVE-2021-0919 has been assigned to this vulnerability. A CVSS v3 base score of 5.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). 3.2.111 USE AFTER FREE CWE-416 In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-196926917References: Upstream kernel CVE-2021-0920 has been assigned to this vulnerability. A CVSS v3 base score of 6.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.2.112 MISSING AUTHORIZATION CWE-862 In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-191053931 CVE-2021-0926 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.113 IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS CWE-755 In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-188675581 CVE-2021-0928 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.114 USE AFTER FREE CWE-416 In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-187527909 References: Upstream kernel CVE-2021-0929 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.115 OUT-OF-BOUNDS WRITE CWE-787 In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-181660091 CVE-2021-0930 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.116 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-180747689 CVE-2021-0931 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.117 IMPROPER ENCODING OR ESCAPING OF OUTPUT CWE-116 In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-172251622 CVE-2021-0933 has been assigned to this vulnerability. A CVSS v3 base score of 8.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.118 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user’s contacts with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-195748381 CVE-2021-0952 has been assigned to this vulnerability. A CVSS v3 base score of 5.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). 3.2.119 IMPROPER PRESERVATION OF PERMISSIONS CWE-281 In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-184046278 CVE-2021-0953 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.120 MISSING INITIALIZATION OF RESOURCE CWE-909 In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-196046570References: Upstream kernel CVE-2021-0961 has been assigned to this vulnerability. A CVSS v3 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 3.2.121 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021 In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-199754277 CVE-2021-0963 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). 3.2.122 INCORRECT CONVERSION BETWEEN NUMERIC TYPES CWE-681 In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-193363621 CVE-2021-0964 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.123 MISSING AUTHORIZATION CWE-862 In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194300867 CVE-2021-0965 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.124 OUT-OF-BOUNDS WRITE CWE-787 In vorbis_book_decodev_set of codebook.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-199065614 CVE-2021-0967 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.125 INTEGER OVERFLOW OR WRAPAROUND CWE-190 In osi_malloc and osi_calloc of allocator.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-197868577 CVE-2021-0968 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.126 DESERIALIZATION OF UNTRUSTED DATA CWE-502 In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-196970023 CVE-2021-0970 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.127 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (‘CLASSIC BUFFER OVERFLOW’) CWE-120 Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. CVE-2021-1972 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.128 USE AFTER FREE CWE-416 A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. CVE-2021-1976 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.129 MISSING INITIALIZATION OF RESOURCE CWE-909 An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. CVE-2021-29647 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.130 INTEGER OVERFLOW OR WRAPAROUND CWE-190 fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an out-of-bounds write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. CVE-2021-33909 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.131 USE AFTER FREE CWE-416 drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. CVE-2021-38204 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.132 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-185126319 CVE-2021-39621 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.133 OUT-OF-BOUNDS WRITE CWE-787 In doRead of SimpleDecodingSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194105348 CVE-2021-39623 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.134 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194695497 CVE-2021-39626 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.135 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-185126549 CVE-2021-39627 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.136 USE AFTER FREE CWE-416 In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-197353344 CVE-2021-39629 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.137 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119 In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-150694665 References: Upstream kernel CVE-2021-39633 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.138 USE AFTER FREE CWE-416 In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-204450605References: Upstream kernel CVE-2021-39634 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.139 DOUBLE FREE CWE-415 In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-221862119 CVE-2022-20127 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.140 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754 In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-224314979 CVE-2022-20130 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.141 OUT-OF-BOUNDS READ CWE-125 In USB driver, there is a possible out-of-bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-216825460 References: Upstream kernel CVE-2022-20227 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.2.142 OUT-OF-BOUNDS WRITE CWE-787 In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-224536184 CVE-2022-20229 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.143 IMPROPER INPUT VALIDATION CWE-20 In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-219498290 CVE-2022-20355 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.144 OUT-OF-BOUNDS WRITE CWE-787 In avdt_msg_asmbl of avdt_msg.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-232023771 CVE-2022-20411 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.145 USE AFTER FREE CWE-416 In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-239630375 References: Upstream kernel CVE-2022-20421 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.146 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION (‘RACE CONDITION’) CWE-362 In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-237540956 References: Upstream kernel CVE-2022-20422 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.147 INTEGER OVERFLOW OR WRAPAROUND CWE-190 In rndis_set_response of rndis.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-239842288 References: Upstream kernel CVE-2022-20423 has been assigned to this vulnerability. A CVSS v3 base score of 4.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.148 OUT-OF-BOUNDS WRITE CWE-787 In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-230356196 CVE-2022-20462 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.149 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188 In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user’s password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-179725730 CVE-2022-20466 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.2.150 OUT-OF-BOUNDS READ CWE-125 In BNEP_ConnectResp of bnep_api.cc, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-228450451 CVE-2022-20468 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.151 OUT-OF-BOUNDS WRITE CWE-787 In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-230867224 CVE-2022-20469 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.152 OUT-OF-BOUNDS READ CWE-125 In toLanguageTag of LocaleListCache.cpp, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-239210579 CVE-2022-20472 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.153 OUT-OF-BOUNDS READ CWE-125 In toLanguageTag of LocaleListCache.cpp, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-239267173 CVE-2022-20473 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.154 LOOP WITH UNREACHABLE EXIT CONDITION (‘INFINITE LOOP’) CWE-835 In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-240936919 CVE-2022-20476 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.2.155 INTEGER UNDERFLOW (WRAP OR WRAPAROUND) CWE-191 In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out-of-bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-242459126 CVE-2022-20483 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 3.2.156 OUT-OF-BOUNDS READ CWE-125 In fdt_path_offset_namelen of fdt_ro.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-246465319 CVE-2022-20498 has been assigned to this vulnerability. A CVSS v3 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 3.2.157 IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS CWE-755 In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-246540168 CVE-2022-20500 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER Siemens reported these vulnerabilities to CISA.
4. MITIGATIONS Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends users update to the latest version. As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals. Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage. For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF. CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
5. UPDATE HISTORY March 14, 2024: Initial Publication