9VSA23-00761-01 CSIRT comparte información sobre vulnerabilidades en actualización de seguridad de Android para enero 2023

Resumen

El CSIRT de Gobierno comparte la información sobre nuevas vulnerabilidades para el sistema operativo Android entregada por Google y correspondientes a enero de 2023.

Vulnerabilidades

CVE-2022-20456

CVE-2022-20489

CVE-2022-20490

CVE-2022-20492

CVE-2022-20493

CVE-2023-20912

CVE-2023-20916

CVE-2023-20918

CVE-2023-20919

CVE-2023-20920

CVE-2023-20921

CVE-2022-20494

CVE-2023-20908

CVE-2023-20922

CVE-2022-20461

CVE-2023-20904

CVE-2023-20905

CVE-2023-20913

CVE-2023-20915

CVE-2022-42719

CVE-2022-42720

CVE-2022-42721

CVE-2022-2959

CVE-2022-41674

CVE-2023-20928

CVE-2022-20235

CVE-2022-32635

CVE-2022-32636

CVE-2022-32637

CVE-2022-44425

CVE-2022-44426

CVE-2022-44427

CVE-2022-44428

CVE-2022-44429

CVE-2022-44430

CVE-2022-44431

CVE-2022-44432

CVE-2022-44434

CVE-2022-44435

CVE-2022-44436

CVE-2022-44437

CVE-2022-44438

CVE-2022-22088

CVE-2022-33255

CVE-2021-35097

CVE-2021-35113

CVE-2021-35134

CVE-2022-23960

CVE-2022-25725

CVE-2022-25746

CVE-2022-33252

CVE-2022-33253

CVE-2022-33266

CVE-2022-33274

CVE-2022-33276

CVE-2022-33283

CVE-2022-33284

CVE-2022-33285

CVE-2022-33286

Impacto

Vulnerabilidades de riesgo crítico

CVE-2022-42719: Vulnerabilidad de ejecución remota de código en el núcleo.

CVE-2022-42720: Vulnerabilidad de ejecución remota de código en el núcleo.

CVE-2022-42721: Vulnerabilidad de ejecución remota de código en el núcleo.

CVE-2022-41674: Vulnerabilidad de ejecución remota de código en componentes del núcleo.

CVE-2022-22088: Vulnerabilidad en el componente Bluetooth de Qualcomm.

CVE-2021-35097: Vulnerabilidad en componentes de Qualcomm.

CVE-2021-35113: Vulnerabilidad en componentes de Qualcomm.

CVE-2021-35134: Vulnerabilidad en componentes de Qualcomm.

Productos afectados

Android, todas las versiones.

Mitigación

Instalar las respectivas actualizaciones entregadas por el proveedor.

Enlaces

https://source.android.com/docs/security/bulletin/2023-01-01

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20456

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20489

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20490

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20492

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20493

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20912

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20916

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20918

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20919

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20920

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20921

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20494

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20908

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20922

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20461

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20904

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20905

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20913

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20915

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42719

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2959

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20928

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20235

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32635

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32636

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32637

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44425

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44426

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44426

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44428

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44429

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44430

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44431

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44432

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44434

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44435

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44436

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44437

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44438

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22088

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33255

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35097

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35113

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35134

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25725

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25746

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33252

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33253

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33266

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33274

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33276

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33283

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33284

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33285

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33286

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00761-01.