===========================================================================
             AUSCERT External Security Bulletin Redistribution             
                                                                           
                               ESB-2024.1614                               
               ICS Advisory | ICSA-24-074-07 Siemens SIMATIC               
                               15 March 2024                               
                                                                           
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Siemens SIMATIC                                         
Publisher:         ICS-CERT                                                
Operating System:  Network Appliance                                       
Resolution:        Patch/Upgrade                                           
CVE Names:         CVE-2021-0471 CVE-2021-0519 CVE-2021-0444               
                   CVE-2021-0443 CVE-2021-0438 CVE-2021-0437               
                   CVE-2021-0436 CVE-2021-0435 CVE-2021-0433               
                   CVE-2021-0431 CVE-2021-0429 CVE-2021-0400               
                   CVE-2022-20130 CVE-2022-20127 CVE-2022-20462            
                   CVE-2021-0394 CVE-2021-0396 CVE-2021-0706               
                   CVE-2021-0397 CVE-2020-25705 CVE-2021-0473              
                   CVE-2021-0474 CVE-2021-0476 CVE-2022-20229              
                   CVE-2022-20227 CVE-2021-0480 CVE-2021-0481              
                   CVE-2021-29647 CVE-2021-33909 CVE-2022-20500            
                   CVE-2022-20498 CVE-2022-20483 CVE-2022-20476            
                   CVE-2022-20473 CVE-2022-20472 CVE-2022-20469            
                   CVE-2022-20468 CVE-2022-20466 CVE-2022-20411            
                   CVE-2020-14381 CVE-2022-20355 CVE-2017-14491            
                   CVE-2020-10768 CVE-2021-39634 CVE-2021-39633            
                   CVE-2021-39629 CVE-2021-39627 CVE-2021-39626            
                   CVE-2021-39623 CVE-2021-39621 CVE-2020-0338             
                   CVE-2020-0417 CVE-2020-11301 CVE-2021-0933              
                   CVE-2021-0391 CVE-2021-0390 CVE-2021-0931               
                   CVE-2021-0930 CVE-2021-0929 CVE-2021-0928               
                   CVE-2021-0926 CVE-2022-20423 CVE-2022-20422             
                   CVE-2022-20421 CVE-2021-0392 CVE-2021-0393              
                   CVE-2021-0484 CVE-2021-0920 CVE-2021-0919               
                   CVE-2021-0399 CVE-2021-0515 CVE-2021-0587               
                   CVE-2021-0653 CVE-2021-0650 CVE-2021-0585               
                   CVE-2021-0586 CVE-2021-0514 CVE-2021-0588               
                   CVE-2021-0589 CVE-2021-0594 CVE-2021-0434               
                   CVE-2021-0596 CVE-2021-0597 CVE-2021-0598               
                   CVE-2021-0599 CVE-2021-0600 CVE-2021-0601               
                   CVE-2021-0604 CVE-2021-0651 CVE-2021-0652               
                   CVE-2021-0682 CVE-2021-0683 CVE-2021-0684               
                   CVE-2021-0687 CVE-2021-0688 CVE-2021-0689               
                   CVE-2021-0690 CVE-2021-0692 CVE-2021-0695               
                   CVE-2021-0704 CVE-2021-0708 CVE-2021-0870               
                   CVE-2021-0952 CVE-2021-0953 CVE-2021-0961               
                   CVE-2021-0963 CVE-2021-0964 CVE-2021-0965               
                   CVE-2021-0967 CVE-2021-0968 CVE-2021-0970               
                   CVE-2021-0522 CVE-2021-0521 CVE-2021-0520               
                   CVE-2021-0516 CVE-2021-0513 CVE-2021-0512               
                   CVE-2021-0511 CVE-2021-0510 CVE-2021-0509               
                   CVE-2020-24587 CVE-2021-0507 CVE-2021-0506              
                   CVE-2021-0508 CVE-2021-0478 CVE-2020-26558              
                   CVE-2020-26555 CVE-2020-15436 CVE-2021-38204            
                   CVE-2021-0341 CVE-2021-0339 CVE-2021-0337               
                   CVE-2021-0336 CVE-2021-0334 CVE-2021-0333               
                   CVE-2021-0331 CVE-2021-0330 CVE-2021-0329               
                   CVE-2021-0328 CVE-2021-0327 CVE-2021-0326               
                   CVE-2021-0325 CVE-2021-0305 CVE-2021-0302               
                   CVE-2020-29661 CVE-2020-29660 CVE-2020-14305            
                   CVE-2021-1976 CVE-2021-1972 CVE-2021-0646               
                   CVE-2021-0642 CVE-2021-0641 CVE-2017-18509              
                   CVE-2021-0640 CVE-2021-0593 CVE-2021-0591               
                   CVE-2021-0584                                           

Original Bulletin:
   https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07

Comment: CVSS (Max):  9.8 CVE-2022-20473 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: ICS-CERT                                             
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                                                                           
         The following are listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog:
         CISA KEV CVE(s): CVE-2021-0920                                    
         CISA KEV URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog


- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-24-074-07)

Siemens SIMATIC

Release Date
March 14, 2024

As of January 10, 2023, CISA will no longer be updating ICS security advisories
for Siemens product vulnerabilities beyond the initial advisory. For the most
up-to-date information on vulnerabilities in this advisory, please see Siemens'
ProductCERT Security Advisories.

1. EXECUTIVE SUMMARY

  o CVSS v3 9.8
  o ATTENTION: Exploitable remotely/low attack complexity
  o Vendor: Siemens
  o Equipment: SIMATIC
  o Vulnerabilities: Improper Restriction of Operations within the Bounds of a
    Memory Buffer, Improper Input Validation, Missing Encryption of Sensitive
    Data, Incorrect Permission Assignment for Critical Resource, Expected
    Behavior Violation, Improper Authentication, Out-of-bounds Write, Use After
    Free, Inadequate Encryption Strength, Use of Insufficiently Random Values,
    Incorrect Authorization, Improper Locking, Improper Restriction of Rendered
    UI Layers or Frames, Improper Privilege Management, Missing Authorization,
    Cleartext Storage of Sensitive Information, Improper Check for Unusual or
    Exceptional Conditions, Improper Certificate Validation, Double Free,
    Integer Overflow or Wraparound, Out-of-bounds Read, Improper
    Initialization, Race Condition, Use of Uninitialized Resource, Improper
    Handling of Exceptional Conditions, Missing Initialization of Resource,
    Exposure of Resource to Wrong Sphere, Externally Controlled Reference to a
    Resource in Another Sphere, Injection, Excessive Iteration, Improper
    Preservation of Permissions, Improper Encoding or Escaping of Output,
    Incorrect Conversion between Numeric Types, Deserialization of Untrusted
    Data, Classic Buffer Overflow, Initialization of a Resource with an
    Insecure Default, Infinite Loop, Integer Underflow

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to
execute arbitrary code within the context of a privileged process.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following SIMATIC mobile RFID reader products are
affected:

  o SIMATIC RF160B (6GT2003-0FA00): versions prior to V2.2

3.2 Vulnerability Overview

3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER
CWE-119

An attacker could cause a crash or potentially execute arbitrary code by
sending specially crafted DNS responses to the DNSmasq process. In order to
exploit this vulnerability, an attacker must be able to trigger DNS requests
from the device and must be in a privileged position to inject malicious DNS
responses.

CVE-2017-14491 has been assigned to this vulnerability. A CVSS v3 base score of
8.1 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.2 IMPROPER INPUT VALIDATION CWE-20

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By
setting a specific socket option, an attacker can control a pointer in kernel
land and cause an inet_csk_listen_stop general protection fault, or potentially
execute arbitrary code under certain circumstances. The issue can be triggered
as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN
capability) or after namespace unsharing. This occurs because sk_type and
protocol are not checked in the appropriate part of the ip6_mroute_* functions.
NOTE: this affects Linux distributions that use 4.9.x longterm kernels before
4.9.187.

CVE-2017-18509 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.3 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In checkKeyIntent of AccountManagerService.java, there is a possible permission
bypass. This could lead to local information disclosure with User execution
privileges needed. User interaction is needed for exploitation. Product:
Android. Versions: Android-10, Android-9. Android ID: A-123700107.

CVE-2020-0338 has been assigned to this vulnerability. A CVSS v3 base score of
5.0 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).

3.2.4 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible
permissions bypass due to an empty mutable PendingIntent. This could lead to
local escalation of privilege with User execution privileges needed. User
interaction is not needed for exploitation. Product: Android. Versions:
Android-10, Android-8.1, Android-9. Android ID: A-154319182.

CVE-2020-0417 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.5 EXPECTED BEHAVIOR VIOLATION CWE-440

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function,
where it can be used to enable indirect branch speculation after it has been
disabled. This call incorrectly reports it as being 'force disabled' when it is
not and opens the system to Spectre v2 attacks. The highest threat from this
vulnerability is to confidentiality.

CVE-2020-10768 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

3.2.6 IMPROPER AUTHENTICATION CWE-287

Improper authentication of unencrypted (plaintext) Wi-Fi frames in an encrypted
network can lead to information disclosure in Snapdragon Auto, Snapdragon
Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,
Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon
Mobile, Snapdragon Voice & Music, Snapdragon Wearables, and Snapdragon Wired
Infrastructure and Networking.

CVE-2020-11301 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.7 OUT-OF-BOUNDS WRITE CWE-787

An out-of-bounds memory write flaw was found in how the Linux kernel's Voice
over IP H.323 connection tracking functionality handled connections on IPv6
port 1720. This flaw allows an unauthenticated remote user to crash the system,
causing a denial of service. The highest threat from this vulnerability is to
confidentiality, integrity, as well as system availability.

CVE-2020-14305 has been assigned to this vulnerability. A CVSS v3 base score of
8.1 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.8 USE AFTER FREE CWE-416

A flaw was found in the Linux kernel's futex implementation. This flaw allows a
local attacker to corrupt system memory or escalate their privileges when
creating a futex on a filesystem that is about to be unmounted. The highest
threat from this vulnerability is to confidentiality, integrity, as well as
system availability.

CVE-2020-14381 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.9 USE AFTER FREE CWE-416

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8
allows local users to gain privileges or cause a denial of service by
leveraging improper access to a certain error field.

CVE-2020-15436 has been assigned to this vulnerability. A CVSS v3 base score of
6.7 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

3.2.10 INADEQUATE ENCRYPTION STRENGTH CWE-326

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3)
and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a
frame are encrypted under the same key. An adversary can abuse this to decrypt
selected fragments when another device sends fragmented frames and the WEP,
CCMP, or GCMP encryption key is periodically renewed.

CVE-2020-24587 has been assigned to this vulnerability. A CVSS v3 base score of
2.6 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

3.2.11 USE OF INSUFFICIENTLY RANDOM VALUES CWE-330

A flaw in the Linux kernel's handling of ICMP packets was found to allow an
off-path remote user to quickly scan for open UDP ports, effectively bypassing
UDP source port randomization. Software that relies on UDP source port
randomization is indirectly affected as well. Kernel versions before 5.10 may
be vulnerable to this issue.

CVE-2020-25705 has been assigned to this vulnerability. A CVSS v3 base score of
7.4 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

3.2.12 INCORRECT AUTHORIZATION CWE-863

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B
through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of
the peer device to complete pairing without knowledge of the PIN.

CVE-2020-26555 has been assigned to this vulnerability. A CVSS v3 base score of
5.4 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

3.2.13 IMPROPER AUTHENTICATION CWE-287

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1
through 5.2 may permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing (in the Passkey authentication procedure) by
reflection of the public key and the authentication evidence of the initiating
device, potentially permitting this attacker to complete authenticated pairing
with the responding device using the correct Passkey for the pairing session.
The attack methodology determines the Passkey value one bit at a time.

CVE-2020-26558 has been assigned to this vulnerability. A CVSS v3 base score of
4.2 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

3.2.14 IMPROPER LOCKING CWE-667

A locking inconsistency issue was discovered in the tty subsystem of the Linux
kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may
allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

CVE-2020-29660 has been assigned to this vulnerability. A CVSS v3 base score of
4.4 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

3.2.15 IMPROPER LOCKING CWE-667

A locking issue was discovered in the tty subsystem of the Linux kernel through
5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against
TIOCSPGRP, aka CID-54ffccbf053b.

CVE-2020-29661 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.16 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In PackageInstaller, there is a possible tapjacking attack due to an insecure
default value. This could lead to local escalation of privilege and permissions
with no additional execution privileges needed. User interaction is needed for
exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10.
Android ID: A-155287782.

CVE-2021-0302 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.17 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In PackageInstaller, there is a possible tapjacking attack due to an insecure
default value. This could lead to local escalation of privilege and permissions
with no additional execution privileges needed. User interaction is needed for
exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10.
Android ID: A-154015447.

CVE-2021-0305 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.18 OUT-OF-BOUNDS WRITE CWE-787

In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible
out-of-bounds write due to a heap buffer overflow. This could lead to remote
code execution with no additional execution privileges needed. User interaction
is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9,
Android-10, Android-11. Android ID: A-174238784.

CVE-2021-0325 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.19 OUT-OF-BOUNDS WRITE CWE-787

In p2p_copy_client_info of p2p.c, there is a possible out-of-bounds write due
to a missing bounds check. This could lead to remote code execution if the
target device is performing a Wi-Fi direct search, with no additional execution
privileges needed. User interaction is not needed for exploitation. Product:
Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID:
A-172937525.

CVE-2021-0326 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.20 IMPROPER PRIVILEGE MANAGEMENT CWE-269

In getContentProviderImpl of ActivityManagerService.java, there is a possible
permission bypass due to non-restored binder identities. This could lead to
local escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation. Product: Android. Versions:
Android-9, Android-10, Android-11, Android-8.1. Android ID: A-172935267.

CVE-2021-0327 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.21 MISSING AUTHORIZATION CWE-862

In onBatchScanReports and deliverBatchScan of GattService.java, there is a
possible way to retrieve Bluetooth scan results without permissions due to a
missing permission check. This could lead to local escalation of privilege with
no additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1,
Android-9. Android ID: A-172670415.

CVE-2021-0328 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.22 OUT-OF-BOUNDS WRITE CWE-787

In several native functions called by AdvertiseManager.java, there is a
possible out-of-bounds write due to a missing bounds check. This could lead to
local escalation of privilege in the Bluetooth server with User execution
privileges needed. User interaction is not needed for exploitation. Product:
Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID:
A-171400004.

CVE-2021-0329 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.23 USE AFTER FREE CWE-416

In add_user_ce and remove_user_ce of storaged.cpp, there is a possible
use-after-free due to improper locking. This could lead to local escalation of
privilege in storaged with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android. Versions:
Android-9, Android-10, Android-11. Android ID: A-170732441.

CVE-2021-0330 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.24 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible
overlay attack due to an insecure default value. This could lead to local
escalation of privilege and notification access with User execution privileges
needed. User interaction is needed for exploitation. Product: Android.
Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID:
A-170731783.

CVE-2021-0331 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

3.2.25 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In onCreate of BluetoothPermissionActivity.java, there is a possible
permissions bypass due to a tapjacking overlay that obscures the phonebook
permissions dialog when a Bluetooth device is connecting. This could lead to
local escalation of privilege with User execution privileges needed. User
interaction is needed for exploitation. Product: Android. Versions:
Android-8.1, Android-9, Android-10, Android-11. Android ID: A-168504491.

CVE-2021-0333 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

3.2.26 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732

In onTargetSelected of ResolverActivity.java, there is a possible settings
bypass allowing an app to become the default handler for arbitrary domains.
This could lead to local escalation of privilege with User execution privileges
needed. User interaction is not needed for exploitation. Product: Android.
Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID:
A-163358811.

CVE-2021-0334 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.27 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732

In onReceive of BluetoothPermissionRequest.java, there is a possible
permissions bypass due to a mutable PendingIntent. This could lead to local
escalation of privilege that bypasses a permission check, with User execution
privileges needed. User interaction is not needed for exploitation. Product:
Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID:
A-158219161.

CVE-2021-0336 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.28 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312

In moveInMediaStore of FileSystemProvider.java, there is a possible file
exposure due to stale metadata. This could lead to local escalation of
privilege with User execution privileges needed. User interaction is not needed
for exploitation. Product: Android. Versions: Android-8.1, Android-9,
Android-10, Android-11. Android ID: A-157474195.

CVE-2021-0337 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.29 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754

In loadAnimation of WindowContainer.java, there is a possible way to keep
displaying a malicious app while a target app is brought to the foreground.
This could lead to local escalation of privilege with no additional execution
privileges needed. User interaction is needed for exploitation. Product:
Android. Versions: Android-10, Android-8.1, Android-9. Android ID: A-145728687.

CVE-2021-0339 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.30 IMPROPER CERTIFICATE VALIDATION CWE-295

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept
a certificate for the wrong domain due to improperly used crypto. This could
lead to remote information disclosure with no additional execution privileges
needed. User interaction is not needed for exploitation. Product: Android.
Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID:
A-171980069.

CVE-2021-0341 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.31 MISSING AUTHORIZATION CWE-862

In various methods of WifiNetworkSuggestionsManager.java, there is a possible
modification of suggested networks due to a missing permission check. This
could lead to local escalation of privilege by a background user on the same
device with no additional execution privileges needed. User interaction is not
needed for exploitation. Product: Android. Versions: Android-11, Android-8.1,
Android-9, Android-10. Android ID: A-174749461.

CVE-2021-0390 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.32 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to
learn the existence of an account, without permissions, due to a tapjacking/
overlay attack. This could lead to local escalation of privilege with User
execution privileges needed. User interaction is needed for exploitation.
Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10.
Android ID: A-172841550.

CVE-2021-0391 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.33 DOUBLE FREE CWE-415

In main of main.cpp, there is a possible memory corruption due to a double
free. This could lead to local escalation of privilege with User execution
privileges needed. User interaction is not needed for exploitation. Product:
Android. Versions: Android-10, Android-11, Android-9. Android ID: A-175124730.

CVE-2021-0392 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.34 INTEGER OVERFLOW OR WRAPAROUND CWE-190

In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible
out-of-bounds write due to an integer overflow. This could lead to remote code
execution if an attacker can supply a malicious PAC file, with no additional
execution privileges needed. User interaction is not needed for exploitation.
Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10.
Android ID: A-168041375.

CVE-2021-0393 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.35 OUT-OF-BOUNDS READ CWE-125

In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible
out-of-bounds read due to a missing bounds check. This could lead to local
information disclosure with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android. Versions:
Android-11, Android-8.1, Android-9, Android-10. Android ID: A-172655291.

CVE-2021-0394 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

3.2.36 OUT-OF-BOUNDS WRITE CWE-787

In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related
files, there is a possible out-of-bounds write due to an incorrect bounds
check. This could lead to remote code execution in an unprivileged process with
no additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10,
Android-11. Android ID: A-160610106.

CVE-2021-0396 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.37 DOUBLE FREE CWE-415

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise
due to a double free. This could lead to remote code execution with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9,
Android-10. Android ID: A-174052148.

CVE-2021-0397 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.38 USE AFTER FREE CWE-416

In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to
a use after free. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android kernel. Android ID:
A-176919394. References: Upstream kernel.

CVE-2021-0399 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.39 IMPROPER INPUT VALIDATION CWE-20

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java,
there is a possible incorrect reporting of location data to emergency services
due to improper input validation. This could lead to incorrect reporting of
location data to emergency services with User execution privileges needed. User
interaction is not needed for exploitation. Product: Android. Versions:
Android-9, Android-10, Android-11. Android ID: A-177561690.

CVE-2021-0400 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

3.2.40 USE AFTER FREE CWE-416

In pollOnce of ALooper.cpp, there is possible memory corruption due to a use
after free. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for exploitation.
Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1.
Android ID: A-175074139.

CVE-2021-0429 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.41 OUT-OF-BOUNDS READ CWE-125

In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bounds read due to
a missing bounds check. This could lead to remote information disclosure to a
paired device with no additional execution privileges needed. User interaction
is not needed for exploitation. Product: Android. Versions: Android-11,
Android-8.1, Android-9, Android-10. Android ID: A-174149901.

CVE-2021-0431 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.42 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In onCreate of DeviceChooserActivity.java, there is a possible way to bypass
user consent when pairing a Bluetooth device due to a tapjacking/overlay
attack. This could lead to local escalation of privilege and pairing malicious
devices with no additional execution privileges needed. User interaction is
needed for exploitation. Product: Android Versions: Android-8.1, Android-9,
Android-10, Android-11 Android ID: A-171221090

CVE-2021-0433 has been assigned to this vulnerability. A CVSS v3 base score of
8.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:A/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.43 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In onReceive of BluetoothPermissionRequest.java, a phishing attack is possible
allowing a malicious Bluetooth device to acquire permissions based on
insufficient information presented to the user in the consent dialog. This
could lead to local escalation of privilege with no additional execution
privileges needed. User interaction is needed for exploitation. Product:
Android Versions: Android-10, Android-11, Android-9 Android ID: A-167403112

CVE-2021-0434 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:R/S:U/C:H/I:H/A:H ).

3.2.44 IMPROPER INITIALIZATION CWE-665

In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap
data due to uninitialized data. This could lead to remote information
disclosure with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-11,
Android-8.1, Android-9, Android-10 Android ID: A-174150451

CVE-2021-0435 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:N/A:N ).

3.2.45 INTEGER OVERFLOW OR WRAPAROUND CWE-190

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out-of-bounds
read due to integer overflow. This could lead to local information disclosure
with no additional execution privileges needed. User interaction is not needed
for exploitation. Product: Android Versions: Android-8.1, Android-9,
Android-10, Android-11 Android ID: A-176496160

CVE-2021-0436 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.46 DOUBLE FREE CWE-415

In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could
lead to local escalation of privilege in a privileged process with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9,
Android-10 Android ID: A-176168330

CVE-2021-0437 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.47 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In several functions of InputDispatcher.cpp, WindowManagerService.java, and
related files, there is a possible tapjacking attack due to an incorrect
FLAG_OBSCURED value. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is needed for
exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10
Android ID: A-152064592

CVE-2021-0438 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.48 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION
('RACE CONDITION') CWE-362

In several functions of ScreenshotHelper.java and related files, there is a
possible incorrectly saved screenshot due to a race condition. This could lead
to local information disclosure across user profiles with no additional
execution privileges needed. User interaction is needed for exploitation.
Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11
Android ID: A-170474245

CVE-2021-0443 has been assigned to this vulnerability. A CVSS v3 base score of
4.7 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.49 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In onActivityResult of QuickContactActivity.java, there is an unnecessary
return of an intent. This could lead to local information disclosure of contact
data with no additional execution privileges needed. User interaction is needed
for exploitation. Product: Android Versions: Android-11, Android-8.1,
Android-9, Android-10 Android ID: A-178825358

CVE-2021-0444 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.50 INTEGER OVERFLOW OR WRAPAROUND CWE-190

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out-of-bounds read due
to an integer overflow. This could lead to local information disclosure with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-9, Android-10, Android-11,
Android-8.1 Android ID: A-176444786

CVE-2021-0471 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.51 USE OF UNINITIALIZED RESOURCE CWE-908

In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to
uninitialized data. This could lead to remote code execution over NFC with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-9, Android-10, Android-11,
Android-8.1 Android ID: A-179687208

CVE-2021-0473 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:A/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.52 OUT-OF-BOUNDS WRITE CWE-787

In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bounds write due
to a heap buffer overflow. This could lead to remote code execution with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9,
Android-10 Android ID: A-177611958

CVE-2021-0474 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.53 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION
('RACE CONDITION') CWE-362

In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a
race condition. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-11, Android-9, Android-10
Android ID: A-169252501

CVE-2021-0476 has been assigned to this vulnerability. A CVSS v3 base score of
7.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.54 IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS CWE-755

In updateDrawable of StatusBarIconView.java, there is a possible permission
bypass due to an uncaught exception. This could lead to local escalation of
privilege by running foreground services without notifying the user, with User
execution privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9
Android ID: A-169255797

CVE-2021-0478 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.55 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In createPendingIntent of SnoozeHelper.java, there is a possible broadcast
intent containing a sensitive identifier. This could lead to local information
disclosure with no additional execution privileges needed. User interaction is
needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-8.1, Android-9 Android ID: A-174493336

CVE-2021-0480 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.56 IMPROPER INPUT VALIDATION CWE-20

In onActivityResult of EditUserPhotoController.java, there is a possible access
of unauthorized files due to an unexpected URI handler. This could lead to
local escalation of privilege with no additional execution privileges needed.
User interaction is needed for exploitation. Product: Android Versions:
Android-8.1, Android-9, Android-10, Android-11 Android ID: A-172939189

CVE-2021-0481 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.57 MISSING INITIALIZATION OF RESOURCE CWE-909

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized
heap data due to a missing bounds check. This could lead to local information
disclosure with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-9, Android-10,
Android-11, Android-8.1 Android ID: A-173720767

CVE-2021-0484 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.58 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In ActivityPicker.java, there is a possible bypass of user interaction in
intent resolution due to a tapjacking/overlay attack. This could lead to local
escalation of privilege with User execution privileges needed. User interaction
is needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-8.1, Android-9 Android ID: A-181962311

CVE-2021-0506 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:R/S:U/C:H/I:H/A:H ).

3.2.59 OUT-OF-BOUNDS WRITE CWE-787

In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out-of-bounds write
due to a missing bounds check. This could lead to remote code execution over
Bluetooth with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-11,
Android-8.1, Android-9, Android-10 Android ID: A-181860042

CVE-2021-0507 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:A/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.60 USE AFTER FREE CWE-416

In various functions of DrmPlugin.cpp, there is a possible use after free due
to a race condition. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10,
Android-11 Android ID: A-176444154

CVE-2021-0508 has been assigned to this vulnerability. A CVSS v3 base score of
7.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.61 USE AFTER FREE CWE-416

In various functions of CryptoPlugin.cpp, there is a possible use after free
due to a race condition. This could lead to local escalation of privilege with
no additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-9, Android-10, Android-11,
Android-8.1 Android ID: A-176444161

CVE-2021-0509 has been assigned to this vulnerability. A CVSS v3 base score of
7.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.62 INTEGER OVERFLOW OR WRAPAROUND CWE-190

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out-of-bounds write due
to an integer overflow. This could lead to local escalation of privilege with
no additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-9, Android-10, Android-11,
Android-8.1 Android ID: A-176444622

CVE-2021-0510 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.63 IMPROPER INPUT VALIDATION CWE-20

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an
app due to improper input validation. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-9, Android-10,
Android-11 Android ID: A-178055795

CVE-2021-0511 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.64 OUT-OF-BOUNDS WRITE CWE-787

In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible
out-of-bounds write due to a heap buffer overflow. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions: Android
kernel Android ID: A-173843328 References: Upstream kernel

CVE-2021-0512 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.65 MISSING AUTHORIZATION CWE-862

In deleteNotificationChannel and related functions of
NotificationManagerService.java, there is a possible permission bypass due to
improper state validation. This could lead to local escalation of privilege via
hidden services with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-9, Android-10, Android-11, Android-8.1 Android ID: A-156090809

CVE-2021-0513 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.66 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION
('RACE CONDITION') CWE-362

In several functions of the V8 library, there is a possible use after free due
to a race condition. This could lead to remote code execution in an
unprivileged process with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-9, Android-11, Android-8.1 Android ID: A-162604069

CVE-2021-0514 has been assigned to this vulnerability. A CVSS v3 base score of
8.1 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:H/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.67 OUT-OF-BOUNDS WRITE CWE-787

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible
out-of-bounds write due to an incorrect bounds check. This could lead to remote
code execution in an unprivileged process with no additional execution
privileges needed. User interaction is not needed for exploitation. Product:
Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID:
A-167389063

CVE-2021-0515 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.68 USE AFTER FREE CWE-416

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out-of-bounds
read and write due to a use after free. This could lead to remote escalation of
privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-11,
Android-8.1, Android-9, Android-10 Android ID: A-181660448

CVE-2021-0516 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.69 OUT-OF-BOUNDS WRITE CWE-787

In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out-of-bounds
write due to a heap buffer overflow. This could lead to local information
disclosure with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-8.1, Android-9 Android ID: A-176533109

CVE-2021-0519 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.70 USE AFTER FREE CWE-416

In several functions of MemoryFileSystem.cpp and related files, there is a
possible use after free due to a race condition. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-11, Android-10 Android ID: A-176237595

CVE-2021-0520 has been assigned to this vulnerability. A CVSS v3 base score of
7.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.71 MISSING AUTHORIZATION CWE-862

In getAllPackages of PackageManagerService, there is a possible information
disclosure due to a missing permission check. This could lead to local
information disclosure of cross-user permissions with no additional execution
privileges needed. User interaction is not needed for exploitation. Product:
Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID:
A-174661955

CVE-2021-0521 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.72 USE AFTER FREE CWE-416

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible
out-of-bounds read due to a use after free. This could lead to remote
information disclosure with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-11, Android-9, Android-10 Android ID: A-174182139

CVE-2021-0522 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:N/A:N ).

3.2.73 OUT-OF-BOUNDS READ CWE-125

In verifyBufferObject of Parcel.cpp, there is a possible out-of-bounds read due
to an improper input validation. This could lead to local information
disclosure with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-11,
Android-8.1, Android-9, Android-10 Android ID: A-179289794

CVE-2021-0584 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.74 OUT-OF-BOUNDS WRITE CWE-787

In beginWrite and beginRead of MessageQueueBase.h, there is a possible
out-of-bounds write due to improper input validation. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-8.1, Android-9, Android-10, Android-11 Android ID: A-184963385

CVE-2021-0585 has been assigned to this vulnerability. A CVSS v3 base score of
6.7 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:H/
UI:N/S:U/C:H/I:H/A:H ).

3.2.75 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In onCreate of DevicePickerFragment.java, there is a possible way to trick the
user to select an unwanted Bluetooth device due to a tapjacking/overlay attack.
This could lead to local escalation of privilege with no additional execution
privileges needed. User interaction is needed for exploitation. Product:
Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID:
A-182584940

CVE-2021-0586 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.76 USE AFTER FREE CWE-416

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible
out-of-bounds write due to a use after free. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185259758

CVE-2021-0587 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.77 EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668

In processInboundMessage of MceStateMachine.java, there is a possible SMS
disclosure due to a missing permission check. This could lead to local
information disclosure with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-8.1, Android-9 Android ID: A-177238342

CVE-2021-0588 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.78 OUT-OF-BOUNDS WRITE CWE-787

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out-of-bounds write
due to an incorrect bounds check. This could lead to local escalation of
privilege with User execution privileges needed. User interaction is not needed
for exploitation. Product: Android Versions: Android-11, Android-8.1,
Android-9, Android-10 Android ID: A-180939982

CVE-2021-0589 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.79 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a
possible way to invoke privileged broadcast receivers due to a confused deputy.
This could lead to local escalation of privilege with User execution privileges
needed. User interaction is needed for exploitation. Product: Android Versions:
Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179386960

CVE-2021-0591 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:R/S:U/C:H/I:H/A:H ).

3.2.80 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610

In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way
to invoke a privileged broadcast receiver due to a confused deputy. This could
lead to local escalation of privilege with User execution privileges needed.
User interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-8.1, Android-9 Android ID: A-179386068

CVE-2021-0593 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.81 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A
DOWNSTREAM COMPONENT ('INJECTION') CWE-74

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of
user consent due to improper input validation. This could lead to remote
(proximal, NFC) escalation of privilege allowing an attacker to deceive a user
into allowing a Bluetooth connection with no additional execution privileges
needed. User interaction is needed for exploitation. Product: Android Versions:
Android-11, Android-8.1, Android-9, Android-10 Android ID: A-176445224

CVE-2021-0594 has been assigned to this vulnerability. A CVSS v3 base score of
8.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:A/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.82 OUT-OF-BOUNDS READ CWE-125

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible
out-of-bounds read due to a missing bounds check. This could lead to remote
information disclosure over NFC with no additional execution privileges needed.
User interaction is not needed for exploitation. Product: Android Versions:
Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181346550

CVE-2021-0596 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:N/A:N ).

3.2.83 MISSING AUTHORIZATION CWE-862

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a
possible way to retrieve SIP account names due to a missing permission check.
This could lead to local information disclosure with no additional execution
privileges needed. User interaction is not needed for exploitation. Product:
Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID:
A-176496502

CVE-2021-0597 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.84 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In onCreate of ConfirmConnectActivity.java, there is a possible pairing of
untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead
to local escalation of privilege with User execution privileges needed. User
interaction is needed for exploitation. Product: Android Versions: Android-11,
Android-8.1, Android-9, Android-10 Android ID: A-180422108

CVE-2021-0598 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:R/S:U/C:H/I:H/A:H ).

3.2.85 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible
disclosure of a sensitive identifier via broadcasted intent due to a confused
deputy. This could lead to local information disclosure with no additional
execution privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1
Android ID: A-175614289

CVE-2021-0599 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.86 IMPROPER INPUT VALIDATION CWE-20

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user
to activate a device admin app due to improper input validation. This could
lead to local escalation of privilege with no additional execution privileges
needed. User interaction is needed for exploitation. Product: Android Versions:
Android-8.1, Android-9, Android-10, Android-11 Android ID: A-179042963

CVE-2021-0600 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.87 DOUBLE FREE CWE-415

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out-of-bounds write
due to a double free. This could lead to local information disclosure with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1,
Android-9 Android ID: A-180643802

CVE-2021-0601 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.88 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way
to share private files over Bluetooth due to a confused deputy. This could lead
to local information disclosure with no additional execution privileges needed.
User interaction is needed for exploitation. Product: Android Versions:
Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179910660

CVE-2021-0604 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.89 OUT-OF-BOUNDS WRITE CWE-787

In noteAtomLogged of StatsdStats.cpp, there is a possible out-of-bounds write
due to a missing bounds check. This could lead to local escalation of privilege
with no additional execution privileges needed. User interaction is not needed
for exploitation. Product: Android Versions: Android-10, Android-11, Android-9
Android ID: A-187957589

CVE-2021-0640 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.90 MISSING AUTHORIZATION CWE-862

In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a
possible disclosure of unique identifiers due to a missing permission check.
This could lead to local information disclosure with no additional execution
privileges needed. User interaction is not needed for exploitation. Product:
Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID:
A-185235454

CVE-2021-0641 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.91 MISSING AUTHORIZATION CWE-862

In onResume of VoicemailSettingsFragment.java, there is a possible way to
retrieve a trackable identifier without permissions due to a missing permission
check. This could lead to local information disclosure with no additional
execution privileges needed. User interaction is needed for exploitation.
Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9
Android ID: A-185126149

CVE-2021-0642 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.92 OUT-OF-BOUNDS WRITE CWE-787

In sqlite3_str_vappendf of sqlite3.c, there is a possible out-of-bounds write
due to improper input validation. This could lead to local escalation of
privilege if the user can also inject a printf into a privileged process's SQL
with no additional execution privileges needed. User interaction is not needed
for exploitation. Product: Android Versions: Android-9, Android-10, Android-11,
Android-8.1 Android ID: A-153352319

CVE-2021-0646 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.93 OUT-OF-BOUNDS READ CWE-125

In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out-of-bounds
read due to an incorrect bounds check. This could lead to remote information
disclosure with no additional execution privileges needed. User interaction is
needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-9 Android ID: A-190286685

CVE-2021-0650 has been assigned to this vulnerability. A CVSS v3 base score of
6.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.94 IMPROPER INPUT VALIDATION CWE-20

In loadLabel of PackageItemInfo.java, there is a possible way to cause a denial
of service in a device by having a long label in an app due to incorrect input
validation. This could lead to local denial of service with no additional
execution privileges needed. User interaction is needed for exploitation.
Product: Android Versions: Android-11, Android-9, Android-10 Android ID:
A-67013844

CVE-2021-0651 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:N/I:N/A:H ).

3.2.95 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION
('RACE CONDITION') CWE-362

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible
way to introduce a memory corruption due to sharing objects that are not
thread-safe. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10,
Android-11 Android ID: A-185178568

CVE-2021-0652 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.96 MISSING AUTHORIZATION CWE-862

In enqueueNotification of NetworkPolicyManagerService.java, there is a possible
way to retrieve a trackable identifier due to a missing permission check. This
could lead to local information disclosure with no additional execution
privileges needed. User interaction is not needed for exploitation. Product:
Android Versions: Android-10, Android-11, Android-9 Android ID: A-177931370

CVE-2021-0653 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.97 MISSING AUTHORIZATION CWE-862

In sendAccessibilityEvent of NotificationManagerService.java, there is a
possible disclosure of notification data due to a missing permission check.
This could lead to local information disclosure with User execution privileges
needed. User interaction is not needed for exploitation. Product: Android
Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID:
A-159624555

CVE-2021-0682 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.98 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In runTraceIpcStop of ActivityManagerShellCommand.java, deletion of system
files is possible due to a confused deputy. This could lead to local escalation
of privilege with no additional execution privileges needed. User interaction
is not needed for exploitation. Product: Android Versions: Android-11,
Android-8.1, Android-9, Android-10 Android ID: A-185398942

CVE-2021-0683 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.99 USE AFTER FREE CWE-416

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible
out-of-bounds write due to a use after free. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-8.1, Android-9 Android ID: A-179839665

CVE-2021-0684 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.100 EXCESSIVE ITERATION CWE-834

In ellipsize of Layout.java, there is a possible ANR due to improper input
validation. This could lead to local denial of service with no additional
execution privileges needed. User interaction is needed for exploitation.
Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1
Android ID: A-188913943

CVE-2021-0687 has been assigned to this vulnerability. A CVSS v3 base score of
5.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:R/S:U/C:N/I:N/A:H ).

3.2.101 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER
SYNCHRONIZATION ('RACE CONDITION') CWE-362

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass
due to a race condition. This could lead to local escalation of privilege with
User execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1,
Android-9 Android ID: A-161149543

CVE-2021-0688 has been assigned to this vulnerability. A CVSS v3 base score of
7.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.102 OUT-OF-BOUNDS READ CWE-125

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out-of-bounds
read due to a missing bounds check. This could lead to local information
disclosure with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-8.1, Android-9 Android ID: A-190188264

CVE-2021-0689 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.103 OUT-OF-BOUNDS WRITE CWE-787

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible
out-of-bounds write due to heap buffer overflow. This could lead to remote
information disclosure with no additional execution privileges needed. User
interaction is needed for exploitation. Product: Android Versions: Android-9,
Android-10, Android-11, Android-8.1 Android ID: A-182152757

CVE-2021-0690 has been assigned to this vulnerability. A CVSS v3 base score of
6.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.104 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible
activity launch due to an unsafe PendingIntent. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-11, Android-9, Android-10 Android ID: A-179289753

CVE-2021-0692 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.105 USE AFTER FREE CWE-416

In get_sock_stat of xt_qtaguid.c, there is a possible out-of-bounds read due to
a use after free. This could lead to local information disclosure with User
execution privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android kernel Android ID: A-184018316 References:
Upstream kernel

CVE-2021-0695 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.106 IMPROPER PRESERVATION OF PERMISSIONS CWE-281

In createNoCredentialsPermissionNotification and related functions of
AccountManagerService.java, there is a possible way to retrieve accounts from
the device without permissions due to a permissions bypass. This could lead to
local information disclosure with no additional execution privileges needed.
User interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-9 Android ID: A-179338675

CVE-2021-0704 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.107 MISSING AUTHORIZATION CWE-862

In startListening of PluginManagerImpl.java, there is a possible way to disable
arbitrary app components due to a missing permission check. This could lead to
local denial of service with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11 Android ID: A-193444889

CVE-2021-0706 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:N/I:N/A:H ).

3.2.108 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610

In runDumpHeap of ActivityManagerShellCommand.java, deletion of system files is
possible due to a confused deputy. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-9, Android-10,
Android-11, Android-8.1 Android ID: A-183262161

CVE-2021-0708 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.109 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER
SYNCHRONIZATION ('RACE CONDITION') CWE-362

In RW_SetActivatedTagType of rw_main.cc, memory corruption is possible due to a
race condition. This could lead to remote code execution with no additional
execution privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1
Android ID: A-192472262

CVE-2021-0870 has been assigned to this vulnerability. A CVSS v3 base score of
8.1 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:H/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.110 INTEGER OVERFLOW OR WRAPAROUND CWE-190

In getService of IServiceManager.cpp, there is a possible unhandled exception
due to an integer overflow. This could lead to local denial of service making
the lockscreen unusable with no additional execution privileges needed. User
interaction is needed for exploitation. Product: Android Versions: Android-10,
Android-11, Android-9 Android ID: A-197336441

CVE-2021-0919 has been assigned to this vulnerability. A CVSS v3 base score of
5.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:R/S:U/C:N/I:N/A:H ).

3.2.111 USE AFTER FREE CWE-416

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to
a race condition. This could lead to local escalation of privilege with System
execution privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android kernel Android ID: A-196926917 References:
Upstream kernel

CVE-2021-0920 has been assigned to this vulnerability. A CVSS v3 base score of
6.4 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:H/
UI:N/S:U/C:H/I:H/A:H ).

3.2.112 MISSING AUTHORIZATION CWE-862

In onCreate of NfcImportVCardActivity.java, there is a possible way to add a
contact without user's consent due to a missing permission check. This could
lead to local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation. Product: Android
Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-191053931

CVE-2021-0926 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.113 IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS CWE-755

In createFromParcel of OutputConfiguration.java, there is a possible parcel
serialization/deserialization mismatch due to improper input validation. This
could lead to local escalation of privilege with no additional execution
privileges needed. User interaction is not needed for exploitation. Product:
Android Versions: Android-10, Android-11, Android-9 Android ID: A-188675581

CVE-2021-0928 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.114 USE AFTER FREE CWE-416

In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a
possible way to corrupt memory due to a use after free. This could lead to
local escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation. Product: Android Versions:
Android kernel Android ID: A-187527909 References: Upstream kernel

CVE-2021-0929 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.115 OUT-OF-BOUNDS WRITE CWE-787

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible
out-of-bounds write due to a missing bounds check. This could lead to remote
code execution over NFC with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-9 Android ID: A-181660091

CVE-2021-0930 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:A/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.116 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In getAlias of BluetoothDevice.java, there is a possible way to create
misleading permission dialogs due to missing data filtering. This could lead to
local information disclosure with User execution privileges needed. User
interaction is needed for exploitation. Product: Android Versions: Android-10,
Android-11, Android-12, Android-9 Android ID: A-180747689

CVE-2021-0931 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.117 IMPROPER ENCODING OR ESCAPING OF OUTPUT CWE-116

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java,
there is a possible way for HTML tags to interfere with a consent dialog due to
improper input validation. This could lead to remote escalation of privilege,
confusing the user into accepting pairing of a malicious Bluetooth device, with
no additional execution privileges needed. User interaction is needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-12,
Android-9 Android ID: A-172251622

CVE-2021-0933 has been assigned to this vulnerability. A CVSS v3 base score of
8.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:A/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.118 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission
bypass due to a confused deputy. This could lead to local information
disclosure of user's contacts with no additional execution privileges needed.
User interaction is needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-9 Android ID: A-195748381

CVE-2021-0952 has been assigned to this vulnerability. A CVSS v3 base score of
5.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:R/S:U/C:H/I:N/A:N ).

3.2.119 IMPROPER PRESERVATION OF PERMISSIONS CWE-281

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible
way to access contacts and history bookmarks without permission due to an
unsafe PendingIntent. This could lead to local escalation of privilege with
User execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-12,
Android-9 Android ID: A-184046278

CVE-2021-0953 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.120 MISSING INITIALIZATION OF RESOURCE CWE-909

In quota_proc_write of xt_quota2.c, there is a possible way to read kernel
memory due to uninitialized data. This could lead to local information
disclosure with System execution privileges needed. User interaction is not
needed for exploitation. Product: Android Versions: Android kernel Android ID:
A-196046570 References: Upstream kernel

CVE-2021-0961 has been assigned to this vulnerability. A CVSS v3 base score of
4.4 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:H/
UI:N/S:U/C:H/I:N/A:N ).

3.2.121 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021

In onCreate of KeyChainActivity.java, there is a possible way to use an app
certificate stored in keychain due to a tapjacking/overlay attack. This could
lead to local escalation of privilege with no additional execution privileges
needed. User interaction is needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-9 Android ID: A-199754277

CVE-2021-0963 has been assigned to this vulnerability. A CVSS v3 base score of
7.1 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:N ).

3.2.122 INCORRECT CONVERSION BETWEEN NUMERIC TYPES CWE-681

In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out-of-bounds
write due to a heap buffer overflow. This could lead to remote information
disclosure with no additional execution privileges needed. User interaction is
needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-12, Android-9 Android ID: A-193363621

CVE-2021-0964 has been assigned to this vulnerability. A CVSS v3 base score of
6.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:R/S:U/C:H/I:N/A:N ).

3.2.123 MISSING AUTHORIZATION CWE-862

In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth
device without user's consent due to a missing permission check. This could
lead to local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation. Product: Android
Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194300867

CVE-2021-0965 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:A/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.124 OUT-OF-BOUNDS WRITE CWE-787

In vorbis_book_decodev_set of codebook.c, there is a possible out-of-bounds
write due to a missing bounds check. This could lead to remote information
disclosure with no additional execution privileges needed. User interaction is
needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-12, Android-9 Android ID: A-199065614

CVE-2021-0967 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.125 INTEGER OVERFLOW OR WRAPAROUND CWE-190

In osi_malloc and osi_calloc of allocator.cc, there is a possible out-of-bounds
write due to an integer overflow. This could lead to remote code execution with
no additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-12,
Android-9 Android ID: A-197868577

CVE-2021-0968 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:R/S:U/C:H/I:H/A:H ).

3.2.126 DESERIALIZATION OF UNTRUSTED DATA CWE-502

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel
serialization/deserialization mismatch. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-12, Android-9 Android ID: A-196970023

CVE-2021-0970 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.127 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW')
CWE-120

Possible buffer overflow due to improper validation of device types during P2P
search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,
Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,
Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure
and Networking.

CVE-2021-1972 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.128 USE AFTER FREE CWE-416

A use after free can occur due to improper validation of P2P device address in
PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon
Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon
Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and
Networking.

CVE-2021-1976 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.129 MISSING INITIALIZATION OF RESOURCE CWE-909

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in
net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel
memory because of a partially uninitialized data structure, aka
CID-50535249f624.

CVE-2021-29647 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.130 INTEGER OVERFLOW OR WRAPAROUND CWE-190

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not
properly restrict seq buffer allocations, leading to an integer overflow, an
out-of-bounds write, and escalation to root by an unprivileged user, aka
CID-8cae8cd89f05.

CVE-2021-33909 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.131 USE AFTER FREE CWE-416

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows
physically proximate attackers to cause a denial of service (use-after-free and
panic) by removing a MAX-3421 USB device in certain situations.

CVE-2021-38204 has been assigned to this vulnerability. A CVSS v3 base score of
6.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:P/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.132 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a
possible permissions bypass due to an unsafe PendingIntent. This could lead to
local escalation of privilege with User execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-9 Android ID: A-185126319

CVE-2021-39621 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.133 OUT-OF-BOUNDS WRITE CWE-787

In doRead of SimpleDecodingSource.cpp, there is a possible out-of-bounds write
due to an incorrect bounds check. This could lead to remote escalation of
privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-12, Android-9 Android ID: A-194105348

CVE-2021-39623 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.134 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible
permission bypass due to a confused deputy. This could lead to local escalation
of privilege in Bluetooth settings with no additional execution privileges
needed. User interaction is not needed for exploitation. Product: Android
Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194695497

CVE-2021-39626 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.135 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a
possible permissions bypass due to an unsafe PendingIntent. This could lead to
local escalation of privilege with User execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-9 Android ID: A-185126549

CVE-2021-39627 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.136 USE AFTER FREE CWE-416

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use
after free due to a race condition. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-12, Android-9 Android ID: A-197353344

CVE-2021-39629 has been assigned to this vulnerability. A CVSS v3 base score of
7.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.137 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER
CWE-119

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an
invalid memory access. This could lead to local information disclosure with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android kernel Android ID: A-150694665
References: Upstream kernel

CVE-2021-39633 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.138 USE AFTER FREE CWE-416

In fs/eventpoll.c, there is a possible use after free. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions: Android
kernel Android ID: A-204450605 References: Upstream kernel

CVE-2021-39634 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.139 DOUBLE FREE CWE-415

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bounds write due
to a double free. This could lead to remote code execution with no additional
execution privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android-10, Android-11, Android-12, Android-12L
Android ID: A-221862119

CVE-2022-20127 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.140 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible
out-of-bounds write due to a heap buffer overflow. This could lead to remote
code execution with no additional execution privileges needed. User interaction
is not needed for exploitation. Product: Android Versions: Android-10,
Android-11, Android-12, Android-12L Android ID: A-224314979

CVE-2022-20130 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.141 OUT-OF-BOUNDS READ CWE-125

In USB driver, there is a possible out-of-bounds read due to a heap buffer
overflow. This could lead to local information disclosure with User execution
privileges needed. User interaction is not needed for exploitation. Product:
Android Versions: Android kernel Android ID: A-216825460 References: Upstream
kernel

CVE-2022-20227 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:N/A:N ).

3.2.142 OUT-OF-BOUNDS WRITE CWE-787

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a
possible out-of-bounds write due to a missing bounds check. This could lead to
remote code execution with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-12L Android ID: A-224536184

CVE-2022-20229 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.143 IMPROPER INPUT VALIDATION CWE-20

In get of PacProxyService.java, there is a possible system service crash due to
improper input validation. This could lead to local denial of service with User
execution privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android-10, Android-11, Android-12, Android-12L
Android ID: A-219498290

CVE-2022-20355 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:N/I:N/A:H ).

3.2.144 OUT-OF-BOUNDS WRITE CWE-787

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out-of-bounds write due
to a missing bounds check. This could lead to remote code execution over
Bluetooth with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-12, Android-12L, Android-13 Android ID: A-232023771

CVE-2022-20411 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:A/AC:L/PR:N/
UI:N/S:U/C:H/I:H/A:H ).

3.2.145 USE AFTER FREE CWE-416

In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt
memory due to a use after free. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android kernel Android
ID: A-239630375 References: Upstream kernel

CVE-2022-20421 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.146 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER
SYNCHRONIZATION ('RACE CONDITION') CWE-362

In emulation_proc_handler of armv8_deprecated.c, there is a possible way to
corrupt memory due to a race condition. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android kernel Android
ID: A-237540956 References: Upstream kernel

CVE-2022-20422 has been assigned to this vulnerability. A CVSS v3 base score of
7.0 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:L/AC:H/PR:L/
UI:N/S:U/C:H/I:H/A:H ).

3.2.147 INTEGER OVERFLOW OR WRAPAROUND CWE-190

In rndis_set_response of rndis.c, there is a possible out-of-bounds write due
to an integer overflow. This could lead to local escalation of privilege if a
malicious USB device is attached with no additional execution privileges
needed. User interaction is not needed for exploitation. Product: Android
Versions: Android kernel Android ID: A-239842288 References: Upstream kernel

CVE-2022-20423 has been assigned to this vulnerability. A CVSS v3 base score of
4.6 has been calculated; the CVSS vector string is ( CVSS:3.1/AV:P/AC:L/PR:N/
UI:N/S:U/C:H/I:N/A:N ).

3.2.148 OUT-OF-BOUNDS WRITE CWE-787

In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible
out-of-bounds write due to a missing bounds check. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID:
A-230356196

CVE-2022-20462 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.149 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a
possible way to observe the user's password on a secondary display due to an
insecure default value. This could lead to local information disclosure with no
additional execution privileges needed. User interaction is needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-12,
Android-12L, Android-13 Android ID: A-179725730

CVE-2022-20466 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

3.2.150 OUT-OF-BOUNDS READ CWE-125

In BNEP_ConnectResp of bnep_api.cc, there is a possible out-of-bounds read due
to an incorrect bounds check. This could lead to local information disclosure
over Bluetooth with no additional execution privileges needed. User interaction
is not needed for exploitation. Product: Android Versions: Android-10,
Android-11, Android-12, Android-12L, Android-13 Android ID: A-228450451

CVE-2022-20468 has been assigned to this vulnerability. A CVSS v3 base score of
6.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.151 OUT-OF-BOUNDS WRITE CWE-787

In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out-of-bounds
write due to a missing bounds check. This could lead to local escalation of
privilege over Bluetooth with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID:
A-230867224

CVE-2022-20469 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.152 OUT-OF-BOUNDS READ CWE-125

In toLanguageTag of LocaleListCache.cpp, there is a possible out-of-bounds read
due to an incorrect bounds check. This could lead to remote code execution with
no additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-12,
Android-12L, Android-13 Android ID: A-239210579

CVE-2022-20472 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.153 OUT-OF-BOUNDS READ CWE-125

In toLanguageTag of LocaleListCache.cpp, there is a possible out-of-bounds read
due to an incorrect bounds check. This could lead to remote code execution with
no additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-12,
Android-12L, Android-13 Android ID: A-239267173

CVE-2022-20473 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.154 LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835

In setEnabledSetting of PackageManager.java, there is a possible way to get the
device into an infinite reboot loop due to resource exhaustion. This could lead
to local denial of service with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android Versions:
Android-10, Android-11, Android-12, Android-12L Android ID: A-240936919

CVE-2022-20476 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.2.155 INTEGER UNDERFLOW (WRAP OR WRAPAROUND) CWE-191

In several functions that parse avrc response in avrc_pars_ct.cc and related
files, there are possible out-of-bounds reads due to integer overflows. This
could lead to remote information disclosure with no additional execution
privileges needed. User interaction is not needed for exploitation. Product:
Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13
Android ID: A-242459126

CVE-2022-20483 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.156 OUT-OF-BOUNDS READ CWE-125

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out-of-bounds read
due to an incorrect bounds check. This could lead to local information
disclosure with System execution privileges needed. User interaction is not
needed for exploitation. Product: Android Versions: Android-10, Android-11,
Android-12, Android-12L, Android-13 Android ID: A-246465319

CVE-2022-20498 has been assigned to this vulnerability. A CVSS v3 base score of
4.4 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

3.2.157 IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS CWE-755

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due
to an uncaught exception. This could lead to local denial of service with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android Versions: Android-10, Android-11, Android-12,
Android-12L, Android-13 Android ID: A-246540168

CVE-2022-20500 has been assigned to this vulnerability. A CVSS v3 base score of
5.5 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends
users update to the latest version.

As a general security measure, Siemens recommends protecting network access to
devices with appropriate mechanisms. To operate the devices in a protected IT
environment, Siemens recommends configuring the environment according to
Siemens' operational guidelines for industrial security and following
recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the
Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-770721 in
HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. CISA reminds organizations to perform
proper impact analysis and risk assessment prior to deploying defensive
measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense
best practices are available for reading and download, including Improving
Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies
for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage at cisa.gov in the technical information paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing suspected malicious activity should follow established
internal procedures and report findings to CISA for tracking and correlation
against other incidents.

CISA also recommends users take the following measures to protect themselves
from social engineering attacks:

  o Do not click web links or open attachments in unsolicited email messages.
  o Refer to Recognizing and Avoiding Email Scams for more information on
    avoiding email scams.
  o Refer to Avoiding Social Engineering and Phishing Attacks for more
    information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has
been reported to CISA at this time.

5. UPDATE HISTORY

  o March 14, 2024: Initial Publication

This product is provided subject to this Notification and this Privacy & Use 
policy.

Vendor

Siemens

--------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================