Improper data handling due to uninitialized memory access, buffer overflow, or remote code execution in kernel.
Denial of service due to memory exhaustion via AF_INET socket in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Excessive memory consumption due to uninitialized memory access, buffer overflow, or remote code execution in kernel.
RCE due to unchecked input validation via AF_INET socket in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Sensitive information disclosure due to insufficient input validation via AF_INET socket in Snapdragon Industrial IOT
Excessive memory consumption due to unchecked input validation via AF_INET socket in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables
Impacted products include:
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Impacted versions include:
In the last week of June, a critical vulnerability was discovered in the kernel of many Android smartphones. The problem lies in how the Android operating system interacts with the Linux kernel. If a user on your network is using an affected Android device, an attacker could use this vulnerability to gain access to the user’s data
What is the Android kernel?
The Android kernel is part of the operating system for all Android devices. The Android kernel handles memory management and provides the interface between the hardware and application software.
How does this vulnerability occur?
The problem occurs when an attacker sends a specially crafted packet to the affected device. If the attacker’s packet triggers a buffer overflow or uninitialized memory access, then the attacker can gain control of the device’s kernel.
What you should do if you are affected
If you are using an affected device, you should promptly install the security updates released by your respective mobile device manufacturer. Additionally, you should change your password for any sites where you saved sensitive information.
The following devices have been reported to be affected:
In the last week of June, a critical vulnerability was discovered in the kernel of many Android smartphones. The problem lies in how the Android operating system interacts with the Linux kernel. If a user on your network is using an affected Android device, an attacker could use this vulnerability to gain access to the user’s data.
What is the Android kernel vulnerability?
As an operating system, Android relies heavily on the Linux kernel to manage its hardware and carry out its tasks. However, a vulnerability was discovered in the way that Android interacted with the kernel in a way that it did not properly handle memory. An attacker could use this vulnerability to gain access to sensitive data on an affected device.
Timeline
Published on: 10/19/2022 11:15:00 UTC
Last modified on: 10/21/2022 19:59:00 UTC