Android Multiple Vulnerabilities
Release Date: 4 Oct 2023
RISK: Extremely High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Android. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.
Note:
There are indications that CVE-2023-4863 and CVE-2023-4211 is under active exploitation in the wild.
CVE-2023-4863: Heap buffer overflow in libwebp.
CVE-2023-4211: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Impact
- Denial of Service
- Remote Code Execution
- Elevation of Privilege
- Information Disclosure
System / Technologies affected
- Android security patch level prior to 2023-10-06
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://source.android.com/docs/security/bulletin/2023-10-01
Vulnerability Identifier
- CVE-2021-44828
- CVE-2022-28348
- CVE-2023-4211
- CVE-2023-4863
- CVE-2023-20819
- CVE-2023-21244
- CVE-2023-21252
- CVE-2023-21253
- CVE-2023-21266
- CVE-2023-21291
- CVE-2023-21673
- CVE-2023-22385
- CVE-2023-24843
- CVE-2023-24844
- CVE-2023-24847
- CVE-2023-24848
- CVE-2023-24849
- CVE-2023-24850
- CVE-2023-24853
- CVE-2023-24855
- CVE-2023-28540
- CVE-2023-32819
- CVE-2023-32820
- CVE-2023-33026
- CVE-2023-33027
- CVE-2023-33028
- CVE-2023-33029
- CVE-2023-33034
- CVE-2023-33035
- CVE-2023-33200
- CVE-2023-34970
- CVE-2023-40116
- CVE-2023-40117
- CVE-2023-40120
- CVE-2023-40121
- CVE-2023-40123
- CVE-2023-40125
- CVE-2023-40127
- CVE-2023-40128
- CVE-2023-40129
- CVE-2023-40130
- CVE-2023-40131
- CVE-2023-40133
- CVE-2023-40134
- CVE-2023-40135
- CVE-2023-40136
- CVE-2023-40137
- CVE-2023-40138
- CVE-2023-40139
- CVE-2023-40140
- CVE-2023-40638
沒有留言:
發佈留言