The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-04-05 or later address all of these issues.
The most severe of these issues is a high-severity security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or successfully bypassed.
Framework
CVE | References | Type | Severity | Updated AOSP versions |
CVE-2021-0694 | A-183147114 | EoP | High | 11 |
CVE-2021-39794 | A-205836329 | EoP | High | 11, 12, 12L |
CVE-2021-39795 | A-201667614 | EoP | High | 11, 12, 12L |
CVE-2021-39796 | A-205595291 | EoP | High | 10, 11, 12, 12L |
CVE-2021-39797 | A-209607104 | EoP | High | 12, 12L |
CVE-2021-39798 | A-213169612 | EoP | High | 12, 12L |
CVE-2021-39799 | A-200288596 | EoP | High | 12, 12L |
Media Framework
CVE | References | Type | Severity | Updated AOSP versions |
CVE-2021-39803 | A-193790350 | ID | High | 10, 11, 12, 12L |
CVE-2021-39804 | A-215002587 | DoS | High | 11, 12, 12L |
System
CVE | References | Type | Severity | Updated AOSP versions |
CVE-2021-39808 | A-209966086 | EoP | High | 10, 11, 12 |
CVE-2021-39805 | A-212694559 | ID | High | 12, 12L |
CVE-2021-39809 | A-205837191 | ID | High | 10, 11, 12, 12L |
System
CVE | References | Type | Severity | Updated AOSP versions |
CVE-2021-39807 | A-209446496 | EoP | High | 10, 11, 12, 12L |
Kernel components
CVE | References | Type | Severity | Component |
CVE-2021-0707 | A-155756045 Upstream kernel | EoP | High | dma-buf |
CVE-2021-39801 | A-209791720 Upstream kernel [2] [3] | EoP | High | ION |
CVE-2021-39802 | A-213339151 Upstream kernel [2] [3] [4] | EoP | High | Memory Management |
CVE-2021-39800 | A-208277166 Upstream kernel [2] [3] | ID | High | ION |
MediaTek components
CVE | References | Severity | Component |
CVE-2022-20081 | A-218242055 M-ALPS06461919 * | High | A-GPS |
CVE-2021-25477 | A-220262213 M-MOLY00684727 * | High | Modem LTE RRC |
Qualcomm components
CVE | References | Severity | Component |
CVE-2021-35081 | A-213239834 QC-CR#3028274 | Critical | WLAN |
CVE-2021-35112 | A-201574693 QC-CR#3049280 | Critical | Display |
CVE-2021-35123 | A-213239948 QC-CR#3032290 | Critical | Bluetooth |
CVE-2021-30334 | A-213239835 QC-CR#2963049 [2] QC-CR#3052789 | High | Display |
CVE-2021-35091 | A-204905109 QC-CR#3008877 | High | Display |
CVE-2021-35095 | A-204905206 QC-CR#2996895 | High | Kernel |
CVE-2021-35130 | A-213240026 QC-CR#3057133 | High | Display |
Qualcomm closed-source components
CVE | References | Severity | Component |
CVE-2021-30339 | A-202025975 * | Critical | Closed-source component |
CVE-2021-30341 | A-202024969 * | Critical | Closed-source component |
CVE-2021-30342 | A-202025860 * | Critical | Closed-source component |
CVE-2021-30343 | A-202025978 * | Critical | Closed-source component |
CVE-2021-30347 | A-202025598 * | Critical | Closed-source component |
CVE-2021-35104 | A-213240044 * | Critical | Closed-source component |
CVE-2021-30281 | A-202025858 * | High | Closed-source component |
CVE-2021-30338 | A-202025859 * | High | Closed-source component |
CVE-2021-30340 | A-202025736 * | High | Closed-source component |
CVE-2021-30344 | A-192612963 * | High | Closed-source component |
CVE-2021-30345 | A-202025737 * | High | Closed-source component |
CVE-2021-30346 | A-202025862 * | High | Closed-source component |
CVE-2021-30349 | A-202025797 * | High | Closed-source component |
CVE-2021-30350 | A-202025979 * | High | Closed-source component |
CVE-2021-35070 | A-202025864 * | High | Closed-source component |
CVE-2021-35100 | A-213240046 * | High | Closed-source component |
Information: https://source.android.com/security/bulletin/2022-04-01