CVE-2021-0699 An out of bounds write in HTBLogKM could lead to local escalation of privilege in the kernel.

This issue exists because of a bug in the implementation of the bounds check. It can be exploited after gaining access to a privileged process. The issue exists because of a lack of bounds check in function GetNextPixmap in modules/renderscript/src/renderscript_pipeline.cpp. An attacker can leverage this vulnerability to achieve remote code execution in the kernel. This vulnerability affects Android devices with SoC Android ID A-242345178. This issue affects version 5.0.x of the Android operating system. What To Do Now If you are using an Android device, you should update it to the latest version. End users can also follow these steps to stay protected: Install an updated version of the mentioned browser.

For Google Chrome users, install version 58.0.3026.110 to 58.0.3026.91.

For Mozilla Firefox users, install version 57.0.4 to version 57.0.1.

For Internet Explorer users, install version 11.0.9600.18057 to version 11.0.9600.18143.

For Microsoft Edge users, install version 1809.174.0 to version 1809.174.0. - Exploitation of this issue requires user interaction. If you are using a browser on an affected device, you should update it as soon as possible.

Microsoft Windows

- CVE-2021-0699
This issue exists because of a bug in the implementation of the bounds check. It can be exploited after gaining access to a privileged process. The issue exists because of a lack of bounds check in function GetNextPixmap in modules/renderscript/src/renderscript_pipeline.cpp. An attacker can leverage this vulnerability to achieve remote code execution in the kernel. This vulnerability affects Microsoft Windows with SoC ALC231, RTW8 and RTM2V7R. This issue affects version 6.3, 6.1 and all later versions up to and including 10240, 10586, and 20586 which is the latest version supported by Microsoft Windows at time of publication with SoC ALC231, RTW8, RTM2V7R, or ARM64 Processor System-on-Chip (SoC) ARM64 processors. What To Do Now If you are using Microsoft Windows with an affected chipset or processor architecture: Update your system immediately Use an updated browser such as Chrome or Firefox
For Google Chrome users, install version 58.0.3026.110 to 58.0.3026.91
For Mozilla Firefox users, install version 57.0.4 to version 57
For Internet Explorer users: Upgrade your operating system first Install a new browser then upgrade as needed

Timeline

Published on: 10/14/2022 17:15:00 UTC
Last modified on: 10/15/2022 03:45:00 UTC

References

• https://source.android.com/security/bulletin/2022-10-01
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0699