9VSA23-00761-01 CSIRT shares information on vulnerabilities in the Android security update for January 2023
Summary
The Government CSIRT shares information on new vulnerabilities in the Android operating system, provided by Google and corresponding to January 2023.
Vulnerabilities
CVE-2022-20456
CVE-2022-20489
CVE-2022-20490
CVE-2022-20492
CVE-2022-20493
CVE-2023-20912
CVE-2023-20916
CVE-2023-20918
CVE-2023-20919
CVE-2023-20920
CVE-2023-20921
CVE-2022-20494
CVE-2023-20908
CVE-2023-20922
CVE-2022-20461
CVE-2023-20904
CVE-2023-20905
CVE-2023-20913
CVE-2023-20915
CVE-2022-42719
CVE-2022-42720
CVE-2022-42721
CVE-2022-2959
CVE-2022-41674
CVE-2023-20928
CVE-2022-20235
CVE-2022-32635
CVE-2022-32636
CVE-2022-32637
CVE-2022-44425
CVE-2022-44426
CVE-2022-44427
CVE-2022-44428
CVE-2022-44429
CVE-2022-44430
CVE-2022-44431
CVE-2022-44432
CVE-2022-44434
CVE-2022-44435
CVE-2022-44436
CVE-2022-44437
CVE-2022-44438
CVE-2022-22088
CVE-2022-33255
CVE-2021-35097
CVE-2021-35113
CVE-2021-35134
CVE-2022-23960
CVE-2022-25725
CVE-2022-25746
CVE-2022-33252
CVE-2022-33253
CVE-2022-33266
CVE-2022-33274
CVE-2022-33276
CVE-2022-33283
CVE-2022-33284
CVE-2022-33285
CVE-2022-33286
Impact
Critical-risk vulnerabilities
CVE-2022-42719: Remote code execution vulnerability in the kernel.
CVE-2022-42720: Remote code execution vulnerability in the kernel.
CVE-2022-42721: Remote code execution vulnerability in the kernel.
CVE-2022-41674: Remote code execution vulnerability in kernel components.
CVE-2022-22088: Vulnerability in Qualcomm's Bluetooth component.
CVE-2021-35097: Vulnerability in Qualcomm components.
CVE-2021-35113: Vulnerability in Qualcomm components.
CVE-2021-35134: Vulnerability in Qualcomm components.
Affected products
Android, all versions.
Mitigation
Install the respective updates provided by the vendor.
Links
https://source.android.com/docs/security/bulletin/2023-01-01
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33286
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00761-01.