Lucene search

K
thnThe Hacker NewsTHN:D83BCA7444B07BB4964502B0F216E095
HistoryMay 06, 2022 - 5:13 a.m.

Google Releases Android Update to Patch Actively Exploited Vulnerability

2022-05-0605:13:00
The Hacker News
thehackernews.com
38

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Android Kernel Vulnerability

Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year.

Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is ranked “High” for severity and could be exploited by a local user to escalate privileges or deny service.

The issue relates to a double-free vulnerability residing in the Packet network protocol implementation in the Linux kernel that could cause memory corruption, potentially leading to denial-of-service or execution of arbitrary code.

Patches were released by different Linux distributions, including Debian, Red Hat, SUSE, and Ubuntu in December 2021 and January 2022.

“There are indications that CVE-2021-22600 may be under limited, targeted exploitation,” Google noted in its Android Security Bulletin for May 2022. Specifics about the nature of the attacks are unknown as yet.

It’s worth noting that the vulnerability has also been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities Catalog as of last month based on evidence of active exploitation.

Also fixed as part of this month’s patches are three other bugs in the kernel as well as 18 high-severity and one critical-severity flaw in MediaTek and Qualcomm components.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C