November 18, 2022
Severity
High
Analysis Summary
CVE-2021-1050 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write due to a missing bounds check in MMU_UnmapPages of the PowerVR kernel driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-20453 CVSS:6.2
Google Android is vulnerable to a denial of service, caused by a constriction of directory permissions due to a path traversal error in the update function in MmsProvider.java. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-20457 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a possible prevention of package installation due to improper input validation in the getMountModeInternal function in StorageManagerService.java. By executing a specially-crafted program, an attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2021-1050
- CVE-2022-20453
- CVE-2022-20457
Affected Vendors
Google Android
Affected Products
- Google Android 10
- Google Android 11
- Google Android 12
- Google Android 12L
- Google Android 13a
Remediation
Upgrade to the latest version of Android, available from the Google Website.