CVE-2022-41419: Bento4 v1.6.0-639 had a memory leak in the mp4encrypt binary.

Processes with long-running tasks would consume all of the available memory on the device, eventually leading to a kernel panic. Android users running devices with Bento4 installations are advised to upgrade as soon as possible. Bento4 is a custom build of Android used by some Chinese manufacturers that is pre-installed on many devices. Android users are encouraged to confirm the version of Bento4 installed on their device by navigating to Settings -> About Device -> Bento4 version. Android users with Bento4 installations are advised to monitor relevant logs and upgrade Bento4 as soon as possible.

CVE-2021-41415

The Linux kernel in the Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel before security patch level 2018-07-05 on MSM devices is affected by a memory corruption issue.

What to do if you are affected by CVE-2022-41419

Android users are urged to upgrade their device as soon as possible. Android users with Bento4 installations are advised to monitor relevant logs and upgrade Bento4 as soon as possible.

Timeline

Published on: 10/03/2022 14:15:00 UTC
Last modified on: 10/05/2022 13:14:00 UTC
