Google’s Pixel Update Bulletin for September included two security patches that are Pixel specific.
Both underlying vulnerabilities are rated critical and could lead to privilege escalation and device takeover.
The vulnerabilities
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the CVEs that are Pixel specific:
CVE-2022-20231: a critical Elevation of Privileges vulnerability in Trusty. This buffer overflow vulnerability allows a local application to escalate privileges on the system.
Trusty is a secure Operating System (OS) that provides a Trusted Execution Environment (TEE) for Android. The Trusty OS runs on the same processor as the Android OS, but Trusty is isolated from the rest of the system by both hardware and software. Trusty and Android run in parallel with each other. Trusty has access to the full power of a device's main processor and memory but is completely isolated. Trusty's isolation is designed to protect it from malicious apps installed by the user and from potential vulnerabilities that may be discovered in Android.
CVE-2022-20364: a critical Elevation of Privileges vulnerability in the kernel. The Android kernel is based on an upstream Linux Long Term Supported (LTS) kernel. At Google, LTS kernels are combined with Android-specific patches to form what are known as Android Common Kernels (ACKs). This buffer overflow vulnerability exists due to a boundary error within the kernel component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Buffer overflow
A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Buffers contain a defined amount of data. Any extra data could overwrite assigned data values in memory addresses adjacent to the destination buffer.
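The paragraph above describes the failure mode in words; the following added C example (not code from the bulletin, and unrelated to the actual patched Pixel code) shows a constructed fixed-length buffer with an adjacent field that an unchecked copy would overwrite, beside the length-checked version a defender would write instead. The struct layout, field names and sample inputs are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Constructed record: a fixed-length buffer followed by a field that
 * sits in the adjacent memory an overflow of 'name' would clobber. */
struct record {
    char name[BUF_LEN];
    uint32_t is_admin;
};

/* Vulnerable pattern (illustration only, never called with long input here):
 * strcpy writes strlen(src)+1 bytes no matter how large BUF_LEN is, so any
 * source of 16 or more characters runs past 'name' into 'is_admin'. */
void set_name_unchecked(struct record *r, const char *src) {
    strcpy(r->name, src);
}

/* Hardened version: the caller states the source length, and anything that
 * does not fit together with its NUL terminator is rejected outright rather
 * than silently truncated or written past the end of the buffer. */
bool set_name_checked(struct record *r, const char *src, size_t src_len) {
    if (src_len >= sizeof r->name) {
        return false;               /* would overflow: refuse the write */
    }
    memcpy(r->name, src, src_len);
    r->name[src_len] = '\0';
    return true;
}

int main(void) {
    struct record r = { "", 0 };
    const char *ok  = "pixel";                          /* constructed, fits */
    const char *bad = "this_name_is_too_long_for_16";   /* constructed, 28 chars */

    printf("short input accepted: %d\n", set_name_checked(&r, ok, strlen(ok)));
    printf("long input accepted:  %d\n", set_name_checked(&r, bad, strlen(bad)));
    printf("name=%s is_admin=%u\n", r.name, r.is_admin);  /* name unchanged, is_admin still 0 */
    return 0;
}
```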
Elevation of privileges
Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
Mitigation
All supported Google devices will receive an update to the 2022-09-05 patch level. The update also includes patches for the 46 bugs that Google addressed in Android this month. We encourage all Pixel users to accept these updates to their devices.
To learn how to check a device's security patch level, read the instructions on the Google device update schedule.
Stay safe, everyone!