Google has published its first security bulletin of 2023 with details of security vulnerabilities affecting Android devices. Patch level 2023-01-01 includes 20 issues and patch level 2023-01-05 includes fixes for another 40 issues.
The Android security patch level refers to a monthly manifest of security patches rolled out by Google in an effort to close up security holes and malicious code exploits in the Android OS. The more recent your patch level, the less vulnerable your device is to security exploits.
The vulnerabilities that stand out the most in this round are three critical and one high severity vulnerabilities in the Android kernel. But there are some other critical issues to keep an eye on.
Mitigation
If your Android phone is at patch level 2023-01-05 or later then the issues discussed below have been fixed. The updates have been made available for Android 10, 11, 12, 12L and 13. Android partners are notified of all issues at least a month before publication. However, this doesn’t always mean that the patches are available for devices from all vendors.
You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.
For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.
Kernel
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Below are details for the three critical ones in the kernel.
CVE-2022-42719: A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
CVE-2022-42720: Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
CVE-2022-42721: A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
mac80211
mac80211 is a framework which driver developers can use to write drivers for SoftMAC wireless devices. SoftMAC devices allow for a finer control of the hardware, allowing for 802.11 frame management to be done in software for them, for both parsing and generation of 802.11 wireless frames.
The main purpose of a wireless LAN is to transport data. The 802.11 standard defines various frame types that stations use for communications, as well as managing and controlling the wireless link. 802.11 defines a data frame type that carries packets from higher layers, such as web pages, printer control data, etc., within the body of the frame.
To successfully exploit any of the three critical remote code execution (RCE) vulnerabilities in the kernel, a remote attacker needs to be on the local network and able to inject WLAN frames.
WLAN
Attackers that are able to inject WLAN frames have another option: CVE-2022-41674, also rated critical, which is an issue in the Linux kernel before 5.19.16. Attackers could inject WLAN frames and cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
A buffer overflow is a type of software vulnerability that exists when a write to an area of memory within a software application runs past that area's boundary and into an adjacent memory region.
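For anyone checking more than one device, the patch-level rule from the Mitigation section and the kernel version ranges quoted for the four mac80211 CVEs can be combined into a small triage script. This is an added example, not code from Google or the original article; the function names and the inventory are hypothetical, and the inputs are assumed to come from `adb shell getprop ro.build.version.security_patch` and `uname -r` on each device.

```python
import re
from datetime import date

# From the article: devices at this patch level or later have the fixes.
FIXED_PATCH_LEVEL = date(2023, 1, 5)

# Upstream Linux ranges quoted in the article: (first affected, first fixed).
KERNEL_CVES = {
    "CVE-2022-42719": ((5, 2, 0), (5, 19, 16)),
    "CVE-2022-42720": ((5, 1, 0), (5, 19, 16)),
    "CVE-2022-42721": ((5, 1, 0), (5, 19, 16)),
    "CVE-2022-41674": ((0, 0, 0), (5, 19, 16)),  # "before 5.19.16"
}

def parse_kernel(release):
    """Turn '5.10.107-android13-4-...' into (5, 10, 107); vendor suffix ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part or 0) for part in m.groups())

def exposed_cves(patch_level, kernel_release):
    """CVEs from the article a device should still be treated as exposed to.

    The patch level is the deciding signal: vendor kernels backport fixes
    without changing the upstream version number, so the version range is
    only used to narrow the list for devices below the fixed patch level.
    """
    if date.fromisoformat(patch_level.strip()) >= FIXED_PATCH_LEVEL:
        return []
    kernel = parse_kernel(kernel_release)
    return sorted(cve for cve, (lo, hi) in KERNEL_CVES.items() if lo <= kernel < hi)

# Constructed inventory (not real devices): name -> (patch level, kernel release).
SAMPLE_INVENTORY = {
    "phone-a": ("2023-01-05", "5.10.107-android13-4-00001-gabcdef123456"),
    "phone-b": ("2022-12-05", "5.10.107-android13-4-00001-gabcdef123456"),
    "tablet-c": ("2023-01-01", "4.19.191-perf"),
}

def triage(inventory):
    """Devices still exposed to the article's kernel CVEs, with the CVE list."""
    report = {name: exposed_cves(*facts) for name, facts in inventory.items()}
    return {name: cves for name, cves in report.items() if cves}

if __name__ == "__main__":
    for name, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: update required, exposed to {', '.join(cves)}")
```

The script covers only the four kernel CVEs described above; a device below patch level 2023-01-05 still needs the update for the other issues in the bulletin even when its list comes back empty.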
Qualcomm
Another critical vulnerability lies in the Qualcomm Bluetooth component and is listed as CVE-2022-22088. The description of the vulnerability says it’s a memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote. The vulnerability has a CVSS score of 9.8 (out of 10). The vulnerability only applies to devices with certain Qualcomm chipsets. A full list of those chipsets can be found in the Qualcomm January 2023 Security Bulletin by looking at the details for this CVE number.