9VSA22-00675-01 CSIRT comparte vulnerabilidades publicadas por Android

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT de Gobierno, comparte información sobre actualización dadas a conocer por Google para su sistema operativo Android.

Vulnerabilidades

CVE-2022-20219

CVE-2022-20228

CVE-2022-20229

CVE-2022-20222

CVE-2021-0981

CVE-2022-20223

CVE-2022-20226

CVE-2022-20224

CVE-2022-20225

CVE-2022-20221

CVE-2022-20230

CVE-2022-20228

CVE-2022-20220

CVE-2022-20227

CVE-2022-20083

CVE-2022-21744

CVE-2022-21767

CVE-2022-21768

CVE-2022-21763

CVE-2022-21764

CVE-2022-20216

CVE-2022-20217

CVE-2022-20236

CVE-2022-20238

CVE-2022-22096

CVE-2022-22058

CVE-2022-25667

CVE-2022-25658

CVE-2022-25659

Impacto

Vulnerabilidades de riesgo crítico

CVE-2022-20222 y CVE-2022-20229: Vulnerabilidades que permiten la ejecución remota de código sin necesidad de privilegios adicionales.

CVE-2022-22096: Vulnerabilidad en el componente Bluetooth, de Qualcomm, su explotación puede llevar a la ejecución remota de código.

Productos afectados

Android OS con parches anteriores al 5 de julio de 2022.

Mitigación

Instalar las respectivas actualizaciones entregadas por el proveedor. 

Enlaces

https://source.android.com/security/bulletin/2022-07-01

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-arbitrary-code-execution_2022-088

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20219

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20228

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20229

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20222

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0981

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20223

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20226

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20224

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20225

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20221

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20230

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20228

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20220

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20227

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20083

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21744

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21767

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21768

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21763

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21764

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20216

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20217

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20236

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20238

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22096

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22058

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25667

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25658

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25659

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA22-00675-01.

9VSA22-00675-01 CSIRT comparte vulnerabilidades publicadas por Android