Android Multiple Vulnerabilities

Multiple vulnerabilities were identified in Android. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

Note:

There are indications that CVE-2023-4863 and CVE-2023-4211 is under active exploitation in the wild.

CVE-2023-4863: Heap buffer overflow in libwebp.

CVE-2023-4211: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Impact

• Denial of Service
• Remote Code Execution
• Elevation of Privilege
• Information Disclosure

System / Technologies affected

• Android security patch level prior to 2023-10-06

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor:
  https://source.android.com/docs/security/bulletin/2023-10-01

Vulnerability Identifier

• CVE-2021-44828
• CVE-2022-28348
• CVE-2023-4211
• CVE-2023-4863
• CVE-2023-20819
• CVE-2023-21244
• CVE-2023-21252
• CVE-2023-21253
• CVE-2023-21266
• CVE-2023-21291
• CVE-2023-21673
• CVE-2023-22385
• CVE-2023-24843
• CVE-2023-24844
• CVE-2023-24847
• CVE-2023-24848
• CVE-2023-24849
• CVE-2023-24850
• CVE-2023-24853
• CVE-2023-24855
• CVE-2023-28540
• CVE-2023-32819
• CVE-2023-32820
• CVE-2023-33026
• CVE-2023-33027
• CVE-2023-33028
• CVE-2023-33029
• CVE-2023-33034
• CVE-2023-33035
• CVE-2023-33200
• CVE-2023-34970
• CVE-2023-40116
• CVE-2023-40117
• CVE-2023-40120
• CVE-2023-40121
• CVE-2023-40123
• CVE-2023-40125
• CVE-2023-40127
• CVE-2023-40128
• CVE-2023-40129
• CVE-2023-40130
• CVE-2023-40131
• CVE-2023-40133
• CVE-2023-40134
• CVE-2023-40135
• CVE-2023-40136
• CVE-2023-40137
• CVE-2023-40138
• CVE-2023-40139
• CVE-2023-40140
• CVE-2023-40638

Source

• Android

Related Link

• https://source.android.com/docs/security/bulletin/2023-10-01