Google’s Android Security Update addressed 43 bugs affecting Android handsets, including Samsung phones.
Android Security Update:
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices.
Security patch levels of 2021-01-05 or later address all of these issues.
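A device or inventory can be checked against the bulletin's two patch levels, 2021-01-05 above and the 2021-01-01 level covered in the tables below. This is an added example, not part of the bulletin: the function names and the sample inventory are constructed for illustration, and the level string is assumed to be the one a device reports in its `ro.build.version.security_patch` property.

```shell
#!/bin/sh
# Patch levels named in the January 2021 bulletin.
PARTIAL_LEVEL="2021-01-01"   # addresses only the issues tied to this level
FULL_LEVEL="2021-01-05"      # addresses all issues in the bulletin

# Zero-padded ISO dates compare correctly as integers once dashes are removed.
to_num() { printf '%s' "$1" | tr -d '-'; }

# classify_patch_level LEVEL -> prints full | partial | outdated | invalid
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # empty, truncated or non-date value
    esac
    n=$(to_num "$1")
    if [ "$n" -ge "$(to_num "$FULL_LEVEL")" ]; then echo full
    elif [ "$n" -ge "$(to_num "$PARTIAL_LEVEL")" ]; then echo partial
    else echo outdated
    fi
}

# audit_inventory: reads "serial level" lines on stdin and prints every
# device that is not at the full level, with its classification.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = full ] || echo "$serial $status"
    done
}

# Constructed sample inventory (serials and levels are made up).
SAMPLE_INVENTORY='DEV-A 2021-01-05
DEV-B 2021-01-01
DEV-C 2020-12-05
DEV-D unknown
DEV-E 2021-02-01'

# For a connected device, the level would come from:
#   adb shell getprop ro.build.version.security_patch
audit_sample() { printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory; }

audit_sample
```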
The more serious flaws exist in the Android System component and allow remote attackers to execute arbitrary code.
On Monday, two critical bugs were disclosed as part of Google’s January Android security bulletin.
Below are the details for each of the security vulnerabilities that apply to the 2021-01-01 patch level. Vulnerabilities are grouped under the component they affect.
Framework
The most severe vulnerability in this section could enable a remote attacker using a specially crafted string to cause a permanent denial of service.
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2021-0313 | A-170968514 | DoS | Critical | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0303 | A-170407229 | EoP | High | 11 |
CVE-2021-0306 | A-154505240 | EoP | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0307 | A-155648771 | EoP | High | 10, 11 |
CVE-2021-0310 | A-170212632 | EoP | High | 11 |
CVE-2021-0315 | A-169763814 | EoP | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0317 | A-168319670 | EoP | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0318 | A-168211968 | EoP | High | 8.1, 9, 10, 11 |
CVE-2021-0319 | A-167244818 | EoP | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0304 | A-162738636 | ID | High | 8.0, 8.1, 9, 10 |
CVE-2021-0309 | A-158480899 | ID | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0321 | A-166667403 | ID | High | 11 |
CVE-2021-0322 | A-159145361 | ID | High | 9, 10, 11 |
CVE-2019-9376 | A-129287265 | DoS | High | 8.0, 8.1, 9 |
CVE-2020-15999 | A-171232105 | RCE | Moderate | 8.0, 8.1, 9, 10, 11 |
Media Framework
The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2016-6328 | A-162602132 | RCE | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0311 | A-170240631 | ID | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0312 | A-170583712 | ID | High | 8.0, 8.1, 9, 10, 11 |
System
The most severe vulnerability in this section could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2021-0316 | A-168802990 | RCE | Critical | 8.0, 8.1, 9, 10, 11 |
CVE-2020-0471 | A-169327567 | EoP | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0308 | A-158063095 | EoP | High | 8.0, 8.1, 9, 10, 11 |
CVE-2021-0320 | A-169933423 | ID | High | 10, 11 |
Google Play system updates
The following issues are included in Project Mainline components.
Component | CVE |
---|---|
Media Framework components | CVE-2021-0311, CVE-2021-0312 |
Kernel components
The most severe vulnerability in this section could enable a local malicious application to bypass operating system protections that isolate application data from other applications.
CVE | References | Type | Severity | Component |
---|---|---|---|---|
CVE-2020-10732 | A-170658976 Upstream kernel | ID | High | ELF core dumps |
CVE-2020-10766 | A-169505740 Upstream kernel | ID | High | Speculative execution |
CVE-2021-0323 | A-156766097 Upstream kernel | ID | High | Linux kernel |
MediaTek components
This vulnerability affects MediaTek components and further details are available directly from MediaTek. The severity assessment of this issue is provided directly by MediaTek.
References | Severity | Component |
---|---|---|
A-172514667 M-ALPS05342361* | High | ged |
Qualcomm components
These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert.
The severity assessment of these issues is provided directly by Qualcomm.
CVE | References | Severity | Component |
---|---|---|---|
CVE-2020-11233 | A-170138863 QC-CR#2257789 | High | Kernel |
CVE-2020-11239 | A-168722551 QC-CR#2744826 | High | Display |
CVE-2020-11240 | A-170138526 QC-CR#2702760 [2] [3] | High | Camera |
CVE-2020-11250 | A-170139097 QC-CR#2734543 | High | Audio |
CVE-2020-11261 | A-161373974 QC-CR#2742124 | High | Display |
CVE-2020-11262 | A-170138789 QC-CR#2742711 | High | Display |
Qualcomm closed-source components
These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert.
The severity assessment of these issues is provided directly by Qualcomm.
CVE | References | Severity | Component |
---|---|---|---|
CVE-2020-11134 | A-170138862* | Critical | Closed-source component |
CVE-2020-11182 | A-168722721* | Critical | Closed-source component |
CVE-2020-11126 | A-170139227* | High | Closed-source component |
CVE-2020-11159 | A-170138666* | High | Closed-source component |
CVE-2020-11181 | A-168051034* | High | Closed-source component |
CVE-2020-11235 | A-170138866* | High | Closed-source component |
CVE-2020-11238 | A-170139099* | High | Closed-source component |
CVE-2020-11241 | A-170139229* | High | Closed-source component |
CVE-2020-11260 | A-168918332* | High | Closed-source component |
Security Recommendations:
Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.