By Habiba Rashid
Emergence of Gigabud Banking Trojan Threatens Financial Institutions Globally.
This is a post from HackRead.com Read the original post: New Gigabud Android RAT Bypasses 2FA, Targets Financial Orgs

*   **New Malware Variant:** Gigabud introduces a fresh wave of sophisticated cyber danger.

*   **Global Operation:** Gigabud has targeted at least 25 companies, financial institutions, and government departments across several countries.

*   **Bypasses 2FA:** Gigabud malware can adeptly circumvent two-factor authentication (2FA).

*   **Targets Financial Giants:** Financial institutions face a growing threat from Gigabud’s focused attacks.

*   **Gigabud family:** Gigabud.Loan variant presents itself as a fake loan application, luring victims with promises of low-interest loans.

*   **Emerging Cyber Risk:** The rise of Gigabud underscores the evolving landscape of financial cyber threats.

A new banking trojan named Gigabud has emerged as a formidable adversary, posing a persistent danger to financial institutions worldwide. Originating as an Android Remote Access Trojan (**RAT**), Gigabud first came to the attention of security experts in September 2022 when it targeted a Thailand-based financial organization and its customers across the Asia-Pacific region.

Group-IB’s experts, in response to a customer’s request, undertook a comprehensive analysis of the malware to decode its intricate tactics. The defining feature of Gigabud is its cautious approach to executing malicious actions.

Unlike conventional malware that acts immediately upon infiltration, Gigabud waits for user authorization within the malicious application, a strategy that makes it notably elusive. Instead of relying on HTML overlay attacks, Gigabud employs screen recording to gather sensitive information, further complicating its detection.

One standout feature of Gigabud is its use of accessibility services, which allows it to perform actions on the victim’s device remotely. This capability, known as “TouchAction,” enables the attacker to perform gestures on the user’s device, giving them the power to evade defence mechanisms, including two-factor authentication (**2FA**).

Gigabud RAT has targeted at least 25 companies, financial institutions, and government departments across several countries, aiming to mimic their identities and deceive users.

Researchers also uncovered a parallel threat within the Gigabud family: Gigabud.Loan. This variant presents itself as a fake loan application, luring victims with promises of low-interest loans. Once users engage with the app, they are coerced into providing sensitive personal information, which can later be exploited by the threat actors.

Gigabud.Loan’s modus operandi involves impersonating fictional financial institutions from various countries, such as Thailand, Indonesia, and Peru.

The distribution strategy for both Gigabud.RAT and Gigabud.Loan centers around phishing websites. These websites are disseminated through tactics like “smishing,” where victims are sent misleading messages via instant messengers, SMS, or social networks, leading them to malicious links. In certain cases, the malware is even delivered directly through messages on platforms like **WhatsApp**.

Watch as Group-IB’s researchers looks into Gigabud RAT

Over the course of 2022 to 2023, Group-IB’s researchers detected over 400 Gigabud RAT samples and more than 20 Gigabud.Loan samples using advanced hunting techniques. 

To counteract the threat posed by Gigabud, **Group-IB suggests** a multi-pronged defence strategy. Organizations should prioritize proactive monitoring of user sessions, prioritize client education on safe online practices, and employ digital protection tools.

Users, in turn, are advised to exercise caution when clicking on links, refrain from downloading risky apps, and utilize **reliable VPNs** on public Wi-Fi networks.

**RELATED ARTICLES**

1.  FakeTrade Android Malware Attack Steals Crypto Wallet Data
2.  Android banking malware distributed with fake Google reCAPTCHA
3.  New Android banking malware Xenomorph found in Play Store apps
4.  Experts concerned over emergence of Android banking trojan S.O.V.A.
5.  Iranian Stalkerware ‘Spyhide’ Steals Data from 60,000 Android Devices

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

New Gigabud Android RAT Bypasses 2FA, Targets Financial Orgs

Categories: Exploits and vulnerabilities
Categories: News
Tags: Ford

Tags:  Lincoln

Tags:  SYNC 3

Tags:  CVE-2023-29468

Tags:  TI WLink

Tags:  MCP driver

A vulnerability in the SYNC 3 infotainment will not have a negative effect on driving safety, says Ford.



(Read more...)




The post Ford says it’s safe to drive its cars with a WiFi vulnerability appeared first on Malwarebytes Labs.

Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system.

Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles. The company said it started an investigation and subsequently decided that the vulnerability does not affect vehicle driving safety.

Ford's SYNC 3 system exists in Ford models from 2015 onward. Other than recent vehicles that have the newest version, most Ford vehicles have SYNC 3. If you have a Ford Owner account, you can go to the Vehicle Dashboard to see what version of SYNC your car has.

Lincoln drivers can check their version on the Lincoln Support site (you will need to enter your VIN number).

The SYNC 3 vulnerability is CVE-2023-29468: a vulnerability in the TI WiLink WL18xx MCP driver. An attacker within wireless range of a potentially vulnerable device can gain the ability to overwrite memory of the host processor executing the MCP driver. Exploiting this vulnerability involves a malicious actor crafting a specific frame to trigger a buffer overflow, potentially leading to remote code execution (RCE).

A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region.

Ford’s assessment of the vulnerability is that it is highly unlikely to be exploited, since it requires a highly skilled attacker within close proximity of the target vehicle, and the vehicle need to have the engine running and WiFi support enabled. Ford said it isn't aware of any instances of exploitation.

And even if an attacker were to gain RCE on the SYNC 3 system using this vulnerability, the potential damage would be limited, since the system is isolated from critical control functions like steering, throttling, and braking.

Ford says that if drivers are worried, they can disable the WiFi support in the SYNC 3 infotainment system in the Settings menu, which will stop an attacker from being able to exploit the vulnerability.

Ford is still working on a patch, which is expected in the coming weeks and will be presented including instructions how to manually install the patch using a USB flash drive.

**We don’t just report on encryption—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

Ford says it’s safe to drive its cars with a WiFi vulnerability

Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-39828: Vulnerability/Tenda/A18/formWifiBasicSet at main · lst-oss/Vulnerability

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.



)\]}' { "commit": "0d3cb609b0851ea9e5745cc6101e57c2e5e739f2", "tree": "7a0189a8f8573cdefb0afbe02c560cc04bbd86d9", "parents": \[ "bd318b9772759546509f6fdb8648366099dd65ad" \], "author": { "name": "Hai Shalom", "email": "haishalom@google.com", "time": "Thu Mar 02 23:00:56 2023 +0000" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Apr 06 00:38:45 2023 +0000" }, "message": "\[TOFU\] Implement a secure TOFU flow\\n\\nImplement a secure TOFU flow for supporting devices, and\\nnotifications about insecure connections in non-supporting\\ndevices, when insecure configurations are not allowed.\\nHandle the case where insecure enterprise configurations are\\nallowed in the new and secure TOFU flow. In this mode, do not\\ndisconnect the network, do not load certificates, and do not\\nnotify the user about anything.\\nDisplay the correct certificate information in the dialog,\\nremove the email and 8-octet signature from the TOFU dialog, and\\nreplace with user verifiable information: certificate expiration\\ndate (locale adjusted) and a SHA-256 fingerprint of the server\\ncertificate which is locally generated.\\nNetwork admins can calculate the fingerprint of their server\\ncertificate and publish the result to their users, using:\\nopenssl x509 -in server-cert.pem -noout -fingerprint -sha256\\n\\nUpdated-Overlayable: TRUE\\nUpdated-PDD: TRUE\\n\\nBug: 267633332\\nBug: 251910611\\nBug: 250574778\\nTest: atest ClientModeImplTest InsecureEapNetworkHandlerTest\\nTest: atest WifiConfigManagerTest\\nTest: Integration test on R, and T devices with overlay setting\\nof insecure networks allowed and not allowed, and with new\\nconfigs and insecure (Do not validate) configs made with R.\\nTest: Functional test, UI verification with multiple locales\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a5227527411bc24e6e2c6276f16559c7305b6783)\\nMerged-In: I5cac12cd8c52a8a9425e98dad0fb90893f53e374\\nChange-Id: I5cac12cd8c52a8a9425e98dad0fb90893f53e374\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "2d6d08db5b4540a350d0cc8099849a74e021f211", "old\_mode": 33188, "old\_path": "service/ServiceWifiResources/res/values/overlayable.xml", "new\_id": "4ddba7f7322f680502cd308ba8942bf7839db727", "new\_mode": 33188, "new\_path": "service/ServiceWifiResources/res/values/overlayable.xml" }, { "type": "modify", "old\_id": "15ffcf0adabd9d5306e6ac64b3b8135d0768c967", "old\_mode": 33188, "old\_path": "service/ServiceWifiResources/res/values/strings.xml", "new\_id": "bfcb96a1f8801857cc8dfe2ba8e877a43adbfcb9", "new\_mode": 33188, "new\_path": "service/ServiceWifiResources/res/values/strings.xml" }, { "type": "modify", "old\_id": "92cc9ffce6119ede40f7d08d074399b8b9bc1e41", "old\_mode": 33188, "old\_path": "service/java/com/android/server/wifi/ClientModeImpl.java", "new\_id": "c4c0823db079402feb4ee5f2c833a75f339eae72", "new\_mode": 33188, "new\_path": "service/java/com/android/server/wifi/ClientModeImpl.java" }, { "type": "modify", "old\_id": "225d01c7e55d10b3226fd112e6c4d6ae12f34ca7", "old\_mode": 33188, "old\_path": "service/java/com/android/server/wifi/InsecureEapNetworkHandler.java", "new\_id": "6c55feab7fdfeeec9943cf005f624046e09c2948", "new\_mode": 33188, "new\_path": "service/java/com/android/server/wifi/InsecureEapNetworkHandler.java" }, { "type": "modify", "old\_id": "2079cb82d085a8c3eb69dcabab26d3b73327d346", "old\_mode": 33188, "old\_path": "service/java/com/android/server/wifi/WifiConfigManager.java", "new\_id": "f2a39dadaeb1c9010ab1e28e975c8297a1a14730", "new\_mode": 33188, "new\_path": "service/java/com/android/server/wifi/WifiConfigManager.java" }, { "type": "modify", "old\_id": "a69614090ce52d28a21430b0372ab917e628e308", "old\_mode": 33188, "old\_path": "service/java/com/android/server/wifi/WifiKeyStore.java", "new\_id": "deb2e9d94c36a6380358570288ece5f88581b294", "new\_mode": 33188, "new\_path": "service/java/com/android/server/wifi/WifiKeyStore.java" }, { "type": "modify", "old\_id": "16b05c38892fdc15e3ff23257b591097c92c3280", "old\_mode": 33188, "old\_path": "service/java/com/android/server/wifi/WifiServiceImpl.java", "new\_id": "30ea2482954ffb0f3cf4ed496fc1925ea3915942", "new\_mode": 33188, "new\_path": "service/java/com/android/server/wifi/WifiServiceImpl.java" }, { "type": "modify", "old\_id": "09a596f984cf403feaf85b6ab986de9fbdd05d00", "old\_mode": 33188, "old\_path": "service/proto/src/metrics.proto", "new\_id": "871eb2c750cd50f21e7740a3d3d18463836352f1", "new\_mode": 33188, "new\_path": "service/proto/src/metrics.proto" }, { "type": "modify", "old\_id": "ca8f5b031ceac99ff603d27679d89a0f7a22b208", "old\_mode": 33188, "old\_path": "service/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java", "new\_id": "cef996fef1df59033c6e62b544aa05b42170f837", "new\_mode": 33188, "new\_path": "service/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java" }, { "type": "modify", "old\_id": "aed3753ffc0f4f69c5bf998f376fe196f506493b", "old\_mode": 33188, "old\_path": "service/tests/wifitests/src/com/android/server/wifi/InsecureEapNetworkHandlerTest.java", "new\_id": "b83f6e7e6c1f89ede082ef11d045996b43f3e6ee", "new\_mode": 33188, "new\_path": "service/tests/wifitests/src/com/android/server/wifi/InsecureEapNetworkHandlerTest.java" }, { "type": "modify", "old\_id": "141dca53afb1a8b9c4b5f700c1257d344857470b", "old\_mode": 33188, "old\_path": "service/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java", "new\_id": "b707b1d6b06fe564632f77f4e4d61c0fe3f394c9", "new\_mode": 33188, "new\_path": "service/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java" }, { "type": "modify", "old\_id": "eefa46bb7c13db355460f3d458b90abe3444c771", "old\_mode": 33188, "old\_path": "service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java", "new\_id": "9dc610b275ee4077d1b832a814059304cf7d243b", "new\_mode": 33188, "new\_path": "service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java" }, { "type": "modify", "old\_id": "9de443def48ebc9ccc708bf2b2644247aa38faca", "old\_mode": 33188, "old\_path": "service/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java", "new\_id": "37fbb8f7b27a9902adc4a6994f0e0d2c653d44ed", "new\_mode": 33188, "new\_path": "service/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java" } \] }

CVE-2023-20965

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.



_Published August 7, 2023_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2023-08-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-08-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Android Runtime**

The vulnerability in this section could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21265

A-262521447

ID

High

11, 12, 12L, 13

**Framework**

The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21287

A-278221085

RCE

High

11, 12, 12L, 13

CVE-2023-21269

A-271576718

EoP

High

13

CVE-2023-21270

A-283006437 \[2\]

EoP

High

12, 12L, 13

CVE-2023-21272

A-227471459

EoP

High

11, 12, 12L

CVE-2023-21278

A-281807669

EoP

High

12, 12L, 13

CVE-2023-21281

A-265431505

EoP

High

11, 12, 12L, 13

CVE-2023-21286

A-277740082

EoP

High

11, 12, 12L, 13

CVE-2023-21267

A-218495634

ID

High

11, 12, 12L, 13

CVE-2023-21276

A-213170822

ID

High

12, 12L, 13

CVE-2023-21277

A-281018094

ID

High

12, 12L, 13

CVE-2023-21279

A-277741109

ID

High

12, 12L, 13

CVE-2023-21283

A-280797684 \[2\]

ID

High

11, 12, 12L, 13

CVE-2023-21288

A-276294099

ID

High

11, 12, 12L, 13

CVE-2023-21289

A-272020068

ID

High

11, 12, 12L, 13

CVE-2023-21292

A-236688380

ID

High

11, 12, 12L, 13

CVE-2023-21280

A-270049379

DoS

High

12, 12L, 13

CVE-2023-21284

A-260729089

DoS

High

11, 12, 12L, 13

**Media Framework**

The vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21282

A-279766766

RCE

Critical

11, 12, 12L, 13

**System**

The most severe vulnerability in this section could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21273

A-272783039

RCE

Critical

11, 12, 12L, 13

CVE-2023-20965

A-250574778 \[2\] \[3\]

EoP

High

13

CVE-2023-21132

A-253043218

EoP

High

12, 12L, 13

CVE-2023-21133

A-253043502

EoP

High

12, 12L, 13

CVE-2023-21134

A-253043495

EoP

High

12, 12L, 13

CVE-2023-21140

A-253043490

EoP

High

12, 12L, 13

CVE-2023-21242

A-277824547

EoP

High

13

CVE-2023-21275

A-278691965

EoP

High

12, 12L, 13

CVE-2023-21271

A-269455813

ID

High

12, 12L, 13

CVE-2023-21274

A-269456018

ID

High

12, 12L, 13

CVE-2023-21285

A-271851153

ID

High

11, 12, 12L, 13

CVE-2023-21268

A-264880895

DoS

High

11, 12, 12L, 13

CVE-2023-21290

A-264880689

DoS

High

11, 12, 12L, 13

**Google Play system updates**

The following issues are included in Project Mainline components.

 

Subcomponent

CVE

Media Codecs

CVE-2023-21282

Permission Controller

CVE-2023-21132, CVE-2023-21133, CVE-2023-21134, CVE-2023-21140

WiFi

CVE-2023-20965, CVE-2023-21242

**2023-08-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-08-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Kernel**

The most severe vulnerability in this section could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Subcomponent

CVE-2023-21264

A-279739439  
Upstream kernel \[2\]

EoP

Critical

KVM

CVE-2020-29374

A-174737879  
Upstream kernel \[2\] \[3\] \[4\] \[5\] \[6\]

EoP

High

COW

**Arm components**

This vulnerability affects Arm components and further details are available directly from Arm. The severity assessment of this issue is provided directly by Arm.

    

CVE

References

Severity

Subcomponent

CVE-2022-34830  

A-227655299 \*

High

Mali

**MediaTek components**

This vulnerability affects MediaTek components and further details are available directly from MediaTek. The severity assessment of this issue is provided directly by MediaTek.

    

CVE

References

Severity

Subcomponent

CVE-2023-20780  

A-285686353  
M-ALPS08017756 \*

High

keyinstall

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Severity

Subcomponent

CVE-2022-40510  

A-268059589 \*

Critical

Closed-source component

CVE-2023-21626  

A-268060065 \*

High

Closed-source component

CVE-2023-22666  

A-280342037 \*

High

Closed-source component

CVE-2023-28537  

A-280341737 \*

High

Closed-source component

CVE-2023-28555  

A-280342401 \*

High

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2023-08-01 or later address all issues associated with the 2023-08-01 security patch level.
*   Security patch levels of 2023-08-05 or later address all issues associated with the 2023-08-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2023-08-01\]
*   \[ro.build.version.security\_patch\]:\[2023-08-05\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-08-01 security patch level. Please see this article for more details on how to install security updates.

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2023-08-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2023-08-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

August 7, 2023

Bulletin published.

CVE-2023-21267: Android Security Bulletin—August 2023

The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.

%PDF-1.4 %���� 2 0 obj <>stream x��<ێc7���+��vt��(���k����n\`�x'��V%� �\`�~ū�c����!H�,�BQ$E���W����>�����#��5�c�⚶c��/�}}�n�⯏���7�ݭ��}�vy��~��G���7�����e��w������c��w�oPY\]��������u8�i��> �Q�}�����/���}\\,q^�#�|�e"���Ε5�cmE(�#m0)S������:���a�SsO}�:��{\]���S�z=�ö� ��P磝c^�Hŭq;&��w��󧿍�Y��\]��;�|,���\[�k���Z��ƣۀ����3mւ�}9ּD�w��\_���.~�������!�?���i�PWO͡N�-��%C��(.c�އ���p�3�"��'tj�r(��W�W�43!�b�Pd�:w����B��bD(5l�����jJ�^��\[�3{��w�30=�˰��1t��$�k#rҋ\]b�bB����!�Fd�,B 7刽I������aD'.�h=����Ē�4uF�L��yN5l��+\]:�>�d�I=\\/8����I\\a��^z;b A����C�{�p�7�� >�.0z���}��~�$J(fU�Cp��� ya9N�C�r%~���A��>��s� UG&'|(&��"��4�I�HCC2G��iM� )��XX�'�kV(Lm,��C BQ�zWZ�S��&���D�\\b��$s��ӎ����ۥo�����j��q\[z7Pu+�y���5��އ�}�#e:��I��H!8���<ԹՁ�x��n18%��fV�-��m\`o\\&wΉ�xО�~��n����Bk/A,���E$�K���4wKvI����{)�$�^\`�63,T2H0Lʝԓ@��e�\\�e��v�ȭc�m�5�Yw�!D�\]ṗH�X�d�B�2L�L��V��ٌ˪�'��L � ����.�� ����M�\`�!z���ʸs�(%�����v ��yI|��z�4�@@�/+�t��8;�TQ;�ɺU�\]�p�AD������!����� #\_�A�$��h�#�"�(��l�P\*�Չn8h�Rĉ�k��%��\[qG��9D��#��+���ds�tE\*d�6�hD���̣�"�cD�(߭�,Ē�ϖ�Ψ6��WzA��\[���+ �nwÆ;�pyQ�X/+s��Lt�@)�>�s���B�r�@Z��� �Ќ������A�\*�"���)2�h��$�I�V�\*� +����(=Ū���ܡ��y-}H;�XD�De������qͭԣC�.1\*Ά3!���� �.�L�#��F�'v�Vt3����u��o'�D�%� �P-�G���%P�L��$۵��Ƥ�Ќ��A\*�������9�&�8�0z@�e�nH�9@�$|!�L�6�Br�u�,�Q�Al�Hln bʞL�J�O��~�pEK��G.G2���\]u\`��7�dъ���+ �Nw֝��J�X�A /n9�鋀r��!�3(\*���r�u�9 '�DzX���NE݋Y�/\*����?9)����

CVE-2023-29468

Ubuntu Security Notice 6283-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6283-1  
August 11, 2023

linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm,  
linux-lowlatency, linux-oracle, linux-raspi vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux: Linux kernel  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems  
- linux-azure: Linux kernel for Microsoft Azure Cloud systems  
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems  
- linux-ibm: Linux kernel for IBM cloud systems  
- linux-kvm: Linux kernel for cloud environments  
- linux-lowlatency: Linux low latency kernel  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did  
not properly perform permissions checks when handling HCI sockets. A  
physically proximate attacker could use this to cause a denial of service  
(bluetooth communication). (CVE-2023-2002)

Zheng Zhang discovered that the device-mapper implementation in the Linux  
kernel did not properly handle locking during table_clear() operations. A  
local attacker could use this to cause a denial of service (kernel  
deadlock). (CVE-2023-2269)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in  
the Linux kernel contained a race condition during module unload, leading  
to a use-after-free vulnerability. A local attacker could use this to cause  
a denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-3141)

Quentin Minster discovered that the KSMBD implementation in the Linux  
kernel did not properly validate pointers in some situations, leading to a  
null pointer dereference vulnerability. A remote attacker could use this to  
cause a denial of service (system crash). (CVE-2023-32248)

Quentin Minster discovered that a race condition existed in the KSMBD  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A remote attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)

It was discovered that the kernel->user space relay implementation in the  
Linux kernel did not properly perform certain buffer calculations, leading  
to an out-of-bounds read vulnerability. A local attacker could use this to  
cause a denial of service (system crash) or expose sensitive information  
(kernel memory). (CVE-2023-3268)

It was discovered that the QCOM CPUFreq HW driver in the Linux kernel on  
ARM processors did not properly handle device unbind. A local attacker  
could use this to cause a denial of service (system crash). (CVE-2023-3312)

It was discovered that the MediaTek MT7921E (PCIe) WiFi driver in the Linux  
kernel contained a use-after-free vulnerability when querying the firmware  
features of the device. A local attacker could use this to cause a denial  
of service (system crash). (CVE-2023-3317)

It was discovered that the video4linux driver for Philips based TV cards in  
the Linux kernel contained a race condition during device removal, leading  
to a use-after-free vulnerability. A physically proximate attacker could  
use this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-35823)

It was discovered that the SDMC DM1105 PCI device driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A physically proximate attacker could use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-35824)

It was discovered that the Allwinner Cedar video engine driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-35826)

It was discovered that the Renesas USB controller driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-35828)

It was discovered that the Rockchip Video Decoder IP driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-35829)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   linux-image-6.2.0-1007-ibm      6.2.0-1007.7  
   linux-image-6.2.0-1009-aws      6.2.0-1009.9  
   linux-image-6.2.0-1009-azure    6.2.0-1009.9  
   linux-image-6.2.0-1009-oracle   6.2.0-1009.9  
   linux-image-6.2.0-1010-kvm      6.2.0-1010.10  
   linux-image-6.2.0-1010-lowlatency  6.2.0-1010.10  
   linux-image-6.2.0-1010-lowlatency-64k  6.2.0-1010.10  
   linux-image-6.2.0-1010-raspi    6.2.0-1010.12  
   linux-image-6.2.0-1011-gcp      6.2.0-1011.11  
   linux-image-6.2.0-27-generic    6.2.0-27.28  
   linux-image-6.2.0-27-generic-64k  6.2.0-27.28  
   linux-image-6.2.0-27-generic-lpae  6.2.0-27.28  
   linux-image-aws                 6.2.0.1009.10  
   linux-image-azure               6.2.0.1009.9  
   linux-image-gcp                 6.2.0.1011.11  
   linux-image-generic             6.2.0.27.27  
   linux-image-generic-64k         6.2.0.27.27  
   linux-image-generic-lpae        6.2.0.27.27  
   linux-image-ibm                 6.2.0.1007.7  
   linux-image-kvm                 6.2.0.1010.10  
   linux-image-lowlatency          6.2.0.1010.10  
   linux-image-lowlatency-64k      6.2.0.1010.10  
   linux-image-oracle              6.2.0.1009.9  
   linux-image-raspi               6.2.0.1010.13  
   linux-image-raspi-nolpae        6.2.0.1010.13  
   linux-image-virtual             6.2.0.27.27

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6283-1  
   CVE-2023-2002, CVE-2023-2269, CVE-2023-3141, CVE-2023-32248,  
   CVE-2023-32254, CVE-2023-3268, CVE-2023-3312, CVE-2023-3317,  
   CVE-2023-35823, CVE-2023-35824, CVE-2023-35826, CVE-2023-35828,  
   CVE-2023-35829

Package Information:  
   https://launchpad.net/ubuntu/+source/linux/6.2.0-27.28  
   https://launchpad.net/ubuntu/+source/linux-aws/6.2.0-1009.9  
   https://launchpad.net/ubuntu/+source/linux-azure/6.2.0-1009.9  
   https://launchpad.net/ubuntu/+source/linux-gcp/6.2.0-1011.11  
   https://launchpad.net/ubuntu/+source/linux-ibm/6.2.0-1007.7  
   https://launchpad.net/ubuntu/+source/linux-kvm/6.2.0-1010.10  
   https://launchpad.net/ubuntu/+source/linux-lowlatency/6.2.0-1010.10  
   https://launchpad.net/ubuntu/+source/linux-oracle/6.2.0-1009.9  
   https://launchpad.net/ubuntu/+source/linux-raspi/6.2.0-1010.12

Ubuntu Security Notice USN-6283-1

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.

CVE-2023-40293: Dude, It’s my Car: How to develop intimacy with your car !

Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.

CVE-2023-39405

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.

Tag

#wifi