Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

wnpa-sec-2022-04 · CSN.1 dissector crash

**Summary**

**Name:** CSN.1 dissector crash

**Docid:** wnpa-sec-2022-04

**Date:** February 10, 2022

**Affected versions:** 3.6.0 to 3.6.1, 3.4.0 to 3.4.11

**Fixed versions:** 3.6.2, 3.4.12

**References:**  
Wireshark issue 17882

**Details****Description**

The CSN.1 protocol dissector could crash on some platforms. Discovered by Sharon Brizinov.

**Impact**

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

**Resolution**

Upgrade to Wireshark 3.6.2, 3.4.12 or later.

CVE-2022-0582: Wireshark · wnpa-sec-2022-04 · CSN.1 dissector crash

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2022-02-07-6714.pcap

stderr:

    Branch: HEAD
    
    Input file: /var/menagerie/menagerie/13895-x509-ce-distribution-points-dissection-problem.pcapng
    
    Build host information:
    Linux 5.4.0-96-generic #109-Ubuntu SMP Wed Jan 12 16:49:16 UTC 2022 x86_64
    Distributor ID:	Ubuntu
    Description:	Ubuntu 20.04.3 LTS
    Release:	20.04
    Codename:	focal
    
    Branch: release-3.4
    
    CI job name: ASan Menagerie Fuzz, ID: 2060427609
    
    Return value:  0
    
    Dissector bug:  0
    
    Valgrind error count:  0
    
    Latest (but not necessarily the problem) commit:
    e9c3dfe05 [Automatic update for 2022-02-06]
    Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2  -nVxr
    Running as user "root" and group "root". This could be dangerous.
    =================================================================
    ==87972==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000886420 at pc 0x5604c9392069 bp 0x7ffe62ef3be0 sp 0x7ffe62ef33a0
    READ of size 28 at 0x606000886420 thread T0
        #0 0x5604c9392068 in strlen (/builds/wireshark/wireshark/_install/bin/tshark+0x6e068)
        #1 0x7f9e573a6147 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72147)
        #2 0x7f9e63f2bc6b in find_string_dtbl_entry /builds/wireshark/wireshark/build/../epan/packet.c:1496:9
        #3 0x7f9e63f2c041 in dissector_try_string_new /builds/wireshark/wireshark/build/../epan/packet.c:1692:15
        #4 0x7f9e63f2c206 in dissector_try_string /builds/wireshark/wireshark/build/../epan/packet.c:1739:9
        #5 0x7f9e6100e26d in call_ber_oid_callback /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:1101:17
        #6 0x7f9e631995f1 in dissect_cms_T_parameters /builds/wireshark/wireshark/build/./asn1/cms/cms.cnf:220:10
        #7 0x7f9e61017bed in dissect_ber_sequence /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:2444:17
        #8 0x7f9e63199477 in dissect_cms_SMIMECapability /builds/wireshark/wireshark/build/./asn1/cms/cms.cnf:236:12
        #9 0x7f9e61020437 in dissect_ber_sq_of /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3556:9
        #10 0x7f9e610206f2 in dissect_ber_sequence_of /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3584:12
        #11 0x7f9e63199407 in dissect_cms_SMIMECapabilities /builds/wireshark/wireshark/build/./asn1/cms/cms.cnf:249:12
        #12 0x7f9e63194397 in dissect_SMIMECapabilities_PDU /builds/wireshark/wireshark/build/./asn1/cms/cms.cnf:893:12
        #13 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #14 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #15 0x7f9e63f2c136 in dissector_try_string_new /builds/wireshark/wireshark/build/../epan/packet.c:1714:9
        #16 0x7f9e63f2c206 in dissector_try_string /builds/wireshark/wireshark/build/../epan/packet.c:1739:9
        #17 0x7f9e6100e26d in call_ber_oid_callback /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:1101:17
        #18 0x7f9e63ba9279 in dissect_x509af_T_extnValue /builds/wireshark/wireshark/build/./asn1/x509af/x509af.cnf:146:10
        #19 0x7f9e61017bed in dissect_ber_sequence /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:2444:17
        #20 0x7f9e63ba6447 in dissect_x509af_Extension /builds/wireshark/wireshark/build/./asn1/x509af/x509af.cnf:163:12
        #21 0x7f9e61020437 in dissect_ber_sq_of /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3556:9
        #22 0x7f9e610206f2 in dissect_ber_sequence_of /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3584:12
        #23 0x7f9e63ba64b7 in dissect_x509af_Extensions /builds/wireshark/wireshark/build/./asn1/x509af/x509af.cnf:176:12
        #24 0x7f9e61017bed in dissect_ber_sequence /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:2444:17
        #25 0x7f9e63ba9367 in dissect_x509af_T_signedCertificate /builds/wireshark/wireshark/build/./asn1/x509af/x509af.cnf:199:12
        #26 0x7f9e61017bed in dissect_ber_sequence /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:2444:17
        #27 0x7f9e63ba6527 in dissect_x509af_Certificate /builds/wireshark/wireshark/build/./asn1/x509af/x509af.cnf:226:12
        #28 0x7f9e6293c5e9 in ssl_dissect_hnd_cert /builds/wireshark/wireshark/build/../epan/dissectors/packet-tls-utils.c:8838:13
        #29 0x7f9e629656ca in dissect_tls_handshake_full /builds/wireshark/wireshark/build/../epan/dissectors/packet-tls.c:2676:17
        #30 0x7f9e629632fa in dissect_tls_handshake /builds/wireshark/wireshark/build/../epan/dissectors/packet-tls.c:2495:9
        #31 0x7f9e6295ed72 in dissect_ssl3_record /builds/wireshark/wireshark/build/../epan/dissectors/packet-tls.c:2005:13
        #32 0x7f9e6295aa21 in dissect_ssl /builds/wireshark/wireshark/build/../epan/dissectors/packet-tls.c:745:26
        #33 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #34 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #35 0x7f9e63f32a20 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
        #36 0x7f9e63f27024 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3246:8
        #37 0x7f9e63f32a61 in call_dissector /builds/wireshark/wireshark/build/../epan/packet.c:3263:9
        #38 0x7f9e61642dd2 in dissect_eap /builds/wireshark/wireshark/build/../epan/dissectors/packet-eap.c:1938:13
        #39 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #40 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #41 0x7f9e63f2a919 in dissector_try_uint_new /builds/wireshark/wireshark/build/../epan/packet.c:1413:8
        #42 0x7f9e61649839 in dissect_eapol /builds/wireshark/wireshark/build/../epan/dissectors/packet-eapol.c:132:8
        #43 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #44 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #45 0x7f9e63f2a919 in dissector_try_uint_new /builds/wireshark/wireshark/build/../epan/packet.c:1413:8
        #46 0x7f9e63f2b3eb in dissector_try_uint /builds/wireshark/wireshark/build/../epan/packet.c:1437:9
        #47 0x7f9e61d70341 in dissect_snap /builds/wireshark/wireshark/build/../epan/dissectors/packet-llc.c:552:9
        #48 0x7f9e61d71134 in dissect_llc /builds/wireshark/wireshark/build/../epan/dissectors/packet-llc.c:434:3
        #49 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #50 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #51 0x7f9e63f32a20 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
        #52 0x7f9e63f27024 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3246:8
        #53 0x7f9e63f32a61 in call_dissector /builds/wireshark/wireshark/build/../epan/packet.c:3263:9
        #54 0x7f9e61aa467a in dissect_ieee80211_common /builds/wireshark/wireshark/build/../epan/dissectors/packet-ieee80211.c:26880:11
        #55 0x7f9e61a74706 in dissect_ieee80211 /builds/wireshark/wireshark/build/../epan/dissectors/packet-ieee80211.c:26932:10
        #56 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #57 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #58 0x7f9e63f32a20 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
        #59 0x7f9e63f27024 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3246:8
        #60 0x7f9e61a4e021 in dissect_wlan_radio /builds/wireshark/wireshark/build/../epan/dissectors/packet-ieee80211-radio.c:1513:10
        #61 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #62 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #63 0x7f9e63f32a20 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
        #64 0x7f9e63f27024 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3246:8
        #65 0x7f9e61a60959 in dissect_radiotap /builds/wireshark/wireshark/build/../epan/dissectors/packet-ieee80211-radiotap.c:3104:2
        #66 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #67 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #68 0x7f9e63f32a20 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
        #69 0x7f9e6175f8b6 in dissect_frame /builds/wireshark/wireshark/build/../epan/dissectors/packet-frame.c:783:6
        #70 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #71 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #72 0x7f9e63f32a20 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
        #73 0x7f9e63f27024 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3246:8
        #74 0x7f9e63f2680f in dissect_record /builds/wireshark/wireshark/build/../epan/packet.c:594:3
        #75 0x7f9e63ef5f88 in epan_dissect_run_with_taps /builds/wireshark/wireshark/build/../epan/epan.c:598:2
        #76 0x5604c945e357 in process_packet_second_pass /builds/wireshark/wireshark/build/../tshark.c:3250:5
        #77 0x5604c945c88e in process_cap_file_second_pass /builds/wireshark/wireshark/build/../tshark.c:3389:9
        #78 0x5604c94569b6 in process_cap_file /builds/wireshark/wireshark/build/../tshark.c:3650:28
        #79 0x5604c94504c8 in main /builds/wireshark/wireshark/build/../tshark.c:2102:16
        #80 0x7f9e5711e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
        #81 0x5604c937f43d in _start (/builds/wireshark/wireshark/_install/bin/tshark+0x5b43d)
    
    0x60600088643b is located 0 bytes to the right of 59-byte region [0x606000886400,0x60600088643b)
    freed by thread T0 here:
        #0 0x5604c93f78fd in free (/builds/wireshark/wireshark/_install/bin/tshark+0xd38fd)
        #1 0x7f9e63e00f03 in wmem_free /builds/wireshark/wireshark/build/../epan/wmem/wmem_core.c:65:9
        #2 0x7f9e63e0b01b in wmem_strict_free /builds/wireshark/wireshark/build/../epan/wmem/wmem_allocator_strict.c:127:5
        #3 0x7f9e63e0b0c4 in wmem_strict_free_all /builds/wireshark/wireshark/build/../epan/wmem/wmem_allocator_strict.c:182:9
        #4 0x7f9e63e01279 in wmem_free_all_real /builds/wireshark/wireshark/build/../epan/wmem/wmem_core.c:104:5
        #5 0x7f9e63e011d6 in wmem_free_all /builds/wireshark/wireshark/build/../epan/wmem/wmem_core.c:110:5
        #6 0x7f9e63e10a1a in wmem_leave_packet_scope /builds/wireshark/wireshark/build/../epan/wmem/wmem_scopes.c:69:5
        #7 0x7f9e63ef5f2d in epan_dissect_run /builds/wireshark/wireshark/build/../epan/epan.c:588:2
        #8 0x5604c945db37 in process_packet_first_pass /builds/wireshark/wireshark/build/../tshark.c:3028:5
        #9 0x5604c945bf2f in process_cap_file_first_pass /builds/wireshark/wireshark/build/../tshark.c:3165:9
        #10 0x5604c945696c in process_cap_file /builds/wireshark/wireshark/build/../tshark.c:3631:25
        #11 0x5604c94504c8 in main /builds/wireshark/wireshark/build/../tshark.c:2102:16
        #12 0x7f9e5711e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    
    previously allocated by thread T0 here:
        #0 0x5604c93f7b7d in malloc (/builds/wireshark/wireshark/_install/bin/tshark+0xd3b7d)
        #1 0x7f9e5738be98 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57e98)
        #2 0x7f9e63e0a8ab in wmem_strict_alloc /builds/wireshark/wireshark/build/../epan/wmem/wmem_allocator_strict.c:81:46
        #3 0x7f9e63e0ac94 in wmem_strict_realloc /builds/wireshark/wireshark/build/../epan/wmem/wmem_allocator_strict.c:139:15
        #4 0x7f9e63e011b0 in wmem_realloc /builds/wireshark/wireshark/build/../epan/wmem/wmem_core.c:96:12
        #5 0x7f9e63e1327c in wmem_strbuf_finalize /builds/wireshark/wireshark/build/../epan/wmem/wmem_strbuf.c:296:19
        #6 0x7f9e63f1d4dc in rel_oid_subid2string /builds/wireshark/wireshark/build/../epan/oids.c:898:9
        #7 0x7f9e63f18a07 in oid_subid2string /builds/wireshark/wireshark/build/../epan/oids.c:875:9
        #8 0x7f9e63f1f5f4 in oid_encoded2string /builds/wireshark/wireshark/build/../epan/oids.c:1164:9
        #9 0x7f9e6101dd26 in dissect_ber_any_oid_str /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3285:30
        #10 0x7f9e6101dec2 in dissect_ber_object_identifier_str /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3319:12
        #11 0x7f9e631994df in dissect_cms_T_capability /builds/wireshark/wireshark/build/./asn1/cms/cms.cnf:210:14
        #12 0x7f9e61017bed in dissect_ber_sequence /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:2444:17
        #13 0x7f9e63199477 in dissect_cms_SMIMECapability /builds/wireshark/wireshark/build/./asn1/cms/cms.cnf:236:12
        #14 0x7f9e61020437 in dissect_ber_sq_of /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3556:9
        #15 0x7f9e610206f2 in dissect_ber_sequence_of /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3584:12
        #16 0x7f9e63199407 in dissect_cms_SMIMECapabilities /builds/wireshark/wireshark/build/./asn1/cms/cms.cnf:249:12
        #17 0x7f9e63194397 in dissect_SMIMECapabilities_PDU /builds/wireshark/wireshark/build/./asn1/cms/cms.cnf:893:12
        #18 0x7f9e63f361d1 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
        #19 0x7f9e63f2b000 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
        #20 0x7f9e63f2c136 in dissector_try_string_new /builds/wireshark/wireshark/build/../epan/packet.c:1714:9
        #21 0x7f9e63f2c206 in dissector_try_string /builds/wireshark/wireshark/build/../epan/packet.c:1739:9
        #22 0x7f9e6100e26d in call_ber_oid_callback /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:1101:17
        #23 0x7f9e63ba9279 in dissect_x509af_T_extnValue /builds/wireshark/wireshark/build/./asn1/x509af/x509af.cnf:146:10
        #24 0x7f9e61017bed in dissect_ber_sequence /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:2444:17
        #25 0x7f9e63ba6447 in dissect_x509af_Extension /builds/wireshark/wireshark/build/./asn1/x509af/x509af.cnf:163:12
        #26 0x7f9e61020437 in dissect_ber_sq_of /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3556:9
        #27 0x7f9e610206f2 in dissect_ber_sequence_of /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:3584:12
        #28 0x7f9e63ba64b7 in dissect_x509af_Extensions /builds/wireshark/wireshark/build/./asn1/x509af/x509af.cnf:176:12
        #29 0x7f9e61017bed in dissect_ber_sequence /builds/wireshark/wireshark/build/../epan/dissectors/packet-ber.c:2444:17
    
    SUMMARY: AddressSanitizer: heap-use-after-free (/builds/wireshark/wireshark/_install/bin/tshark+0x6e068) in strlen
    Shadow bytes around the buggy address:
      0x0c0c80108c30: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fa
      0x0c0c80108c40: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
      0x0c0c80108c50: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
      0x0c0c80108c60: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fa
      0x0c0c80108c70: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
    =>0x0c0c80108c80: fd fd fd fd[fd]fd fd fd fa fa fa fa fd fd fd fd
      0x0c0c80108c90: fd fd fd fa fa fa fa fa 00 00 00 00 00 00 00 00
      0x0c0c80108ca0: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
      0x0c0c80108cb0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
      0x0c0c80108cc0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00
      0x0c0c80108cd0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==87972==ABORTING
    
    fuzz-test.sh stderr:
    Running as user "root" and group "root". This could be dangerous.

_no debug trace_

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

CVE-2022-0581: Fuzz job crash output: fuzz-2022-02-07-6714.pcap (#17935) · Issues · Wireshark Foundation / wireshark

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

**Replace CVE-2022-0583.json**

Attach a file by drag & drop or click to upload

  

Commit message

Cancel

GitLab will create a branch in your fork and start a merge request.

CVE-2022-0583: 2022/CVE-2022-0583.json · master · GitLab.org / cves

An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash).

Submitted by razormist on Friday, February 5, 2021 - 10:22.

![](https://www.sourcecodester.com/sites/default/files/styles/large/public/2020-04/images/attendance-management-system_1.png?itok=RiD4Q5YS)

The **Attendance Management System** with Source Code is a **PHP** project that can maintain daily attendance records easily and conveniently. This system was created using **PHP, HTML, MYSQLi,** and **Javascript**.

This application is easy to use, the user has access to all data that is related to student information. You can view the details and add some new information for courses, units, etc. The system data/lists can be **printed** and exported to **CSV, Excel, and PDF**. The administrator can manipulate the information and also maintain the security of the system. Database backups can also be generated through admin permission.

****Features****

*   **Manage Courses**
*   **Manage Units**
*   **Manage Student**
*   **Manage Attendance**
*   **Manage Website Settings**
*   **Manage User Accounts**
*   **Manage User Groups**

****How to Run****

**Requirements**

*   **Download** and **Install** any **local web server** such as **XAMPP/WAMP.**
*   **Download** and **Extract** the source code **zip** file.

**Installation**

*   **Open** the **XAMPP/WAMP's Control Panel** and start **"Apache"** and **"MySQL"**.
*   If you are using **XAMPP**, **copy** the **extracted folder** and **paste** it into the **XAMPP's "htdocs" directory**. If you are using **WAMP**, **paste** it into the **"www" directory**.
*   **Locate** the **SQL** file in the extracted source code folder. The **SQL** file is known as **"attendance\_management.sql"** and located inside the **"db"** folder.
*   **Open** a **web browser** and browse the **PHPMyAdmin**. (http://localhost/phpmyadmin)
*   **Create** a new **database** naming **"attendance\_management"**.
*   **Import** the **SQL** file to your newly created database.
*   **Open** a **web browser** and browse the **web application**. (http://localhost/Attendance%20Management%20System/)

**Admin Access**

Username: **admin**  
Password: **admin**

**Demo**

That's it! I hope that this system can help you with what you are looking for. For more updates and tutorials just kindly visit this site.

**Enjoy Coding!!**

*   14313 views

CVE-2021-45348: Attendance Management System using PHP with Source Code

A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.

**突破墙的约束，畅享3000兆Wi-Fi 6****AX3000双频千兆Wi-Fi 6无线路由器【信号增强版】**

![AX12](https://www.tenda.com.cn/resource/products/AX12/1-0.png)

![AX12](https://www.tenda.com.cn/resource/products/AX12/1-1.png)![AX12](https://www.tenda.com.cn/resource/products/AX12/bg1.png)

**突破墙的约束 信号如此强悍****腾达AX12外置四颗独立信号增强模块，搭配四根6dBi高增益天线让信号释放更加强劲，势不可挡，突破墙的约束，畅享三千兆级Wi-Fi6**

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg2.png)

**Wi-Fi6终端网速 实测提升1.5倍****日益增多的新手机、Pad、电脑、网卡、智能电视都已经逐渐开始支持Wi-Fi 6技术，配合腾达AX12无线路由器，相比AC2600 Wi-Fi5路由器无线峰值速率最高可提升1.2倍，相比AC1900 Wi-Fi5路由器无线峰值速率最高可提升1.5倍。**

![](https://www.tenda.com.cn/resource/products/AX12/3-1.png)

**\* 测试拓扑**

![](https://www.tenda.com.cn/resource/products/AX12/3-2.png)

**\* 陪测终端**

华为P40、苹果iPhone11、小米10、三星S10、Intel AX200网卡、华硕PCE-AC88网卡

**\* 测试说明**

中国电信1000M宽带下，每个配测终端使用5GHz分别连接到AX12/AC2600/AC1900使用Speedtest测速3次，取所有终端中最高测试的数据。

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg3.png)

\*以上数据由腾达实验室测试，仅供参考  
目前支持Wi-Fi6 的终端有：华为P40系列、小米10系列、Reno 3、iQOO 3、华硕PCE-AC88网卡、腾达E30、Galaxy S10系列、Galaxy S20系列、Intel AX200/AX201、Galaxy Note10系列、iPhone11系列、Find x2系列、vivo APEX 2020、iPad pro 2020、Realme X50 Pro等）

**网速齐飚 多人上网更畅快****采用MU-MIMO + OFDMA技术，显著提升网络性能与效率、延时更低，满足多人在线游戏、观看超清视频更流畅。**

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg4.png)

![AX12](https://www.tenda.com.cn/resource/products/AX12/4-1.png)

◆ OFDMA技术加持，同一时刻传输多个用户数据，延时更低，效率更高。

◆ 无OFDMA技术加持，同一时刻只能传输1个用户数据，延时高，效率低。

\* 此功能需要终端设备支持OFDMA和MU-MIMO技术

**四颗强劲信号模块 突破墙的约束 覆盖更广****2.4GHz和5GHz频段均采用2颗外置信号增强模块（FEM），同时提升信号增强和接受能力，覆盖范围更广。**

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg5.png)

**抗干扰 高效通信 上网更畅快****支持BSS Coloring着色技术，增强抗邻居家Wi-Fi干扰的能力，有效缓解同频干扰，提升频谱利用率与通信效率，有效提高整个网络的通信效率，提升空间复用率，打造专属你的网络空间。**

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg6.png)

\* 此功能需要终端设备支持OFDMA和MU-MIMO技术

**支持IPv6 海量IP 上网更顺畅****传统IPv4协议路由器上网，需要经过地址转换。IPv6协议具有海量的IP地址空间，上网无需经过地址转换，可缩短上网设备与服务器端的数据传输时间，时延更短，游戏更畅快 。**

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg7.png)

**支持WPA3 防破译 更安全****WPA3是新一代Wi-Fi安全标准，更成熟的身份认证算法，极大的增强了网络密码破解难度，能阻止强力攻击，暴力破解，使家庭网络信息安全得到更加有效的保护。**

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg8.png)

**支持TWT 用时唤醒 低功耗 长续航****支持TWT技术，改变传统设备一直待命待机状态，当设备收到传输指令后，才进行连接，有效实现设备用时唤醒，降低终端设备能耗，延长终端设备电池寿命。**

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg9.png)

**手机APP管理 随时随地掌控网络****手机下载Tenda App，随时掌控家中网络和设备情况；防蹭网、信道优化、信道强度调节、安全检测、云管理等一系列功能，通过App一键设置，随时随地，轻松玩转。**

![AX12](https://www.tenda.com.cn/resource/products/AX12/bg10.png)

![Tenda](https://www.tenda.com.cn/resource/products/AX12/11-1.png)

**访客网络**

保护隐私与安全

![Tenda](https://www.tenda.com.cn/resource/products/AX12/11-2.png)

**定时开关**

Wi-Fi定时  
智能环保

![Tenda](https://www.tenda.com.cn/resource/products/AX12/11-3.png)

**家长控制**

合理管控  
小孩上网时长

![Tenda](https://www.tenda.com.cn/resource/products/AX12/11-4.png)

**双频合一**

支持双频合一  
自动优选5G频段

![Tenda](https://www.tenda.com.cn/resource/products/AX12/11-5.png)

**信号调节**

支持信号强度调节  
多穿一堵墙

![Tenda](https://www.tenda.com.cn/resource/products/AX12/11-6.png)

**黑白名单**

支持黑白名单  
防止有效蹭网

CVE-2021-45392: AX12 AX3000双频千兆Wi-Fi 6无线路由器_腾达(Tenda)官方网站

** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced.

![Emerson](https://www.swascan.com/wp-content/uploads/2022/01/Emerson-scaled.jpg)

**1.Technical Summary**

Swascan’s Cyber Security Research Team detected some important potential vulnerabilities on:

*   Dixell **XWEB-500**

Detected vulnerabilities were:

Vulnerability

Assets

CVSSv3

Severity

**Arbitrary File Write**

http://<target>/cgi-bin/logo\_extra\_upload.cgi

http://<target>/cgi-bin/cal\_save.cgi

http://<target>/cgi-bin/lo\_utils.cgi

**7.5**

**HIGH**

**Directory Listing**

http://<target>/cgi-bin/lo\_utils.cgi

**5.3**

**MEDIUM**

In the following section we are reporting some technical details on these vulnerabilities including evidences and proof-of-concepts.

**2.Vulnerability details****Arbitrary File Write**

CWE-73: _External Control of File Name or Path_  
CVSSv3: **7.5**\[AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\]

Description

Emerson Dixell XWEB-500 products are vulnerable to Arbitrary File Write attack. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to filesystem space bursting and, as so a Denial of Service.

**Assets**

*   http://<target>/cgi-bin/logo\_extra\_upload.cgi
*   http://<target>/cgi-bin/cal\_save.cgi
*   http://<target>/cgi-bin/lo\_utils.cgi

**Proof of Concept**

The next images represent the evidence of the vulnerability and how it was possible to write any files into the filesystem using the CGIs listed in the previous sections:

![](https://www.swascan.com/wp-content/uploads/2022/01/MicrosoftTeams-image-9-1024x555.png)

Evidence 1 File write using the logo\_extra\_upload.cgi

![](https://www.swascan.com/wp-content/uploads/2022/01/PH2-2.png)

Evidence 2 File write using lo\_utils.cgi

****

![](https://www.swascan.com/wp-content/uploads/2022/01/PH3-2.png)

Evidence 3 Check file write

![](https://www.swascan.com/wp-content/uploads/2022/01/PH4-1.png)

Evidence 4 File write using cal\_save.cgi

![](https://www.swascan.com/wp-content/uploads/2022/01/PH5-1.png)

Evidence 5 Check file write

**References**

https://cwe.mitre.org/data/definitions/73.html

**Directory Listing**

CWE-548: _Exposure of Information Through Directory Listing_  
CVSSv3: **5.3** \[AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\]

**Description**

Emerson Dixell XWEB-500 products are affected by Information Disclosure via Directory Listing. A potential attacker can use this misconfiguration to access all the files present in the directories.

In this particular case, we found that the java directory was very interesting because contains many .jar files that have been used to find hidden cgi. Furthermore, this can allow finding other exploitation vectors using reverse engineering techniques.

**Assets**

*   http://<target>/<folder>/

**Proof of Concept**

The next images represent the evidence of the vulnerability and how it was possible to list the files:

![](https://www.swascan.com/wp-content/uploads/2022/01/PH6-1.png)

Evidence 6 Directory Listing

Below is a sample of the reverse engineering process to find some hidden cgi:

![](https://www.swascan.com/wp-content/uploads/2022/01/PH7.png)

Evidence 7 Hidden cgi discovery and jar reversing

**Emerson’s note**

Out of an abundance of caution, this CVE ID is being assigned to better serve customers and ensure all who are still running this product understands that the product has not been supported since 2018 and should be removed or replaced with XWEB PRO. Further information on supported Dixell products can be found at https://webapps.emerson.com/Dixell/Pages/Leaflets or by contacting customer support at dixell.servi\[email protected\].

**  
References**

*   https://cwe.mitre.org/data/definitions/548.html
*   https://cwiki.apache.org/confluence/display/httpd/DirectoryListings
*   https://preventdirectaccess.com/docs/disable-directory-listing/

**Our Services**

CVE-2021-45421: Vulnerability Report Emerson – Dixell XWEB-500 Multiple Vulnerabilities - Swascan

The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

CVE-2022-0214

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180418334

_Published February 7, 2022_

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2022-02-05 or later from the February 2022 Android Security Bulletin in addition to all issues in this bulletin.

We encourage all customers to accept these updates to their devices.

The most severe of these issues is a high security vulnerability in the AAOS component that could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

**Announcements**

*   In addition to the security vulnerabilities described in the February 2022 Android Security Bulletin, the February 2022 Android Automotive OS Update Bulletin also contains patches specifically for AAOS vulnerabilities as described below.

**2022-02-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-02-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**AAOS**

The most severe vulnerability in this section could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2021-0524

A-180418334

ID

High

12

CVE-2021-39677

A-205097028

ID

High

11

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, read the instructions on the Google device update schedule.

*   Security patch levels of 2022-02-01 or later address all issues associated with the 2022-02-01 security patch level.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2022-02-01\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2022-02-01 security patch level. Please see this article for more details on how to install security updates.

**2\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**3\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**4\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**5\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

February 7, 2022

Bulletin Released

CVE-2021-0524: Android Automotive OS Update Bulletin—February 2022  |  Android Open Source Project

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197399948

_Published February 7, 2022 | Updated February 8, 2022_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-02-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2022-02-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-02-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Framework**

The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2021-39619

A-197399948

EoP

High

11, 12

CVE-2021-39662

A-197302116

EoP

High

11, 12

CVE-2021-39663

A-200682135\*

EoP

High

10

CVE-2021-39676

A-197228210\*

EoP

High

11

CVE-2021-39664

A-203938029

ID

High

12

**Media Framework**

The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2020-13112

A-194342672\*

EoP

High

10, 11

CVE-2020-13113

A-196085005\*

EoP

High

10, 11

CVE-2021-39665

A-204077881

ID

High

12

CVE-2021-39666

A-204445255 \[2\]

ID

High

11, 12

**System**

The most severe vulnerability in this section could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2021-39675

A-205729183

EoP

Critical

12

CVE-2021-39668

A-193445603

EoP

High

11, 12

CVE-2021-39669

A-196969991

EoP

High

11, 12

CVE-2021-39671

A-206718630 \[2\]

EoP

High

12

CVE-2021-39674

A-201083442

EoP

High

10, 11, 12

CVE-2021-0706

A-193444889\*

DoS

High

10, 11

**Google Play system updates**

The following issues are included in Project Mainline components.

 

Component

CVE

MediaProvider

CVE-2021-39662, CVE-2021-39663

**2022-02-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-02-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**System**

The vulnerability in this section could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2021-39631

A-193890833 \[2\]

ID

High

10, 11, 12

**Amlogic components**

This vulnerability affects Amlogic components and further details are available directly from Amlogic. The severity assessment of this issue is provided directly by Amlogic.

   

CVE

References

Severity

Component

CVE-2021-39672  

A-202018701\*

High

Fastboot

**MediaTek components**

These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek.

   

CVE

References

Severity

Component

CVE-2022-20024  

A-209705228  
M-ALPS06219064\*

High

System service

CVE-2022-20025

A-209700749  
M-ALPS06126832\*

High

Bluetooth

CVE-2022-20026

A-209705229  
M-ALPS06126827\*

High

Bluetooth

CVE-2022-20027

A-209702508  
M-ALPS06126826\*

High

Bluetooth

CVE-2022-20028

A-209702509  
M-ALPS06198663\*

High

Bluetooth

**Unisoc components**

These vulnerabilities affect Unisoc components and further details are available directly from Unisoc. The severity assessment of these issues is provided directly by Unisoc.

   

CVE

References

Severity

Component

CVE-2021-39616

A-204686438  
U-1704529\*

High

sprd-vowifi

CVE-2021-39635

A-206492634  
U-1731024\*

High

ims\_ex

CVE-2021-39658

A-207479207  
U-1732729\*

High

IsmsEx

**Qualcomm components**

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

   

CVE

References

Severity

Component

CVE-2021-35068  

A-202025798  
QC-CR#2982971

High

Bluetooth

CVE-2021-35069  

A-203032261  
QC-CR#3001191

High

WLAN

CVE-2021-35074

A-204905255  
QC-CR#2998013

High

Kernel

CVE-2021-35075  

A-204905325  
QC-CR#2998149

High

Kernel

CVE-2021-35077

A-204904989  
QC-CR#3007135

High

Kernel

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

   

CVE

References

Severity

Component

CVE-2021-30317

A-195750667\*

Critical

Closed-source component

CVE-2021-30309

A-195750718\*

High

Closed-source component

CVE-2021-30318

A-202025316\*

High

Closed-source component

CVE-2021-30322

A-195751178\*

High

Closed-source component

CVE-2021-30323

A-195750446\*

High

Closed-source component

CVE-2021-30326

A-195751080\*

High

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2022-02-01 or later address all issues associated with the 2022-02-01 security patch level.
*   Security patch levels of 2022-02-05 or later address all issues associated with the 2022-02-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2022-02-01\]
*   \[ro.build.version.security\_patch\]:\[2022-02-05\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2022-02-01 security patch level. Please see this article for more details on how to install security updates.

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2022-02-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2022-02-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

February 7, 2022

Bulletin Released

1.1

February 8, 2022

Bulletin revised to include AOSP links

Tag

#dos