Fwd: [CIVN-2020-0273] Multiple Vulnerabilities in Google Android

Severity Rating: Critical

Software Affected

●      Google Android versions 8.0,8.1,9,10

Overview

Multiple vulnerabilities have been reported in Google Android which could

allow a remote attacker to gain elevated privileges, obtain sensitive

information, execute remote code and cause Denial of service condition on

the targeted system.

Description

These vulnerabilities exist in Framework, Media framework, System, Broadcom

components, Kernel Components, Media Tek components, Qualcomm components,

Qualcomm closed-source components of Google Android. A remote attacker

could exploit these vulnerabilities by hosting a specially crafted file

designed to exploit the vulnerabilities.

Successful exploitation of these vulnerabilities could allow an attacker to

gain elevated privileges, disclose sensitive information, execute remote

and cause Denial of Service condition on the targeted system.

Solution

Apply appropriate fix as mentioned in Google Android Security Advisory

Vendor Information

Android

References

Android

CVE Name

CVE-2018-20669

CVE-2019-10580

CVE-2019-14123

CVE-2019-14124

CVE-2019-14130

CVE-2019-18282

CVE-2019-20636

CVE-2019-9501

CVE-2019-9502

CVE-2020-0107

CVE-2020-0122

CVE-2020-0224

CVE-2020-0225

CVE-2020-0226

CVE-2020-0227

CVE-2020-0228

CVE-2020-0230

CVE-2020-0231

CVE-2020-3688

CVE-2020-3698

CVE-2020-3699

CVE-2020-3700

CVE-2020-3701

CVE-2020-9589