Android Security Updates Mai 2022

Android Logo
Android Logo

Für das OS Android sind Update verfügbar, die mehrere Sicherheitslücken im beliebten OS auf Smartphones, schließen. Wer das akutelle Update installiert hat, sieht den Patchlevel 2022-05-05 in seinem Gerät. Das Update beinhaltet auch den aktuellen Patch 2022-05-01. Die Lücken sind zum Teil als kritisch eingestuft, weshalb ein Update dringend empfohlen wird. Betroffen sind neben dem System, das Framework, Kernel und MediaTek. Einige Lücken sind in der Komponente von Qualcomm gefunden worden.

Außer der Reihe patcht Google die Geräte der Pixel Serie, siehe CVE-2022-20120 und CVE-2022-20117. Zudem endet für das Pixel 3a und Pixel 3a XL der Support mit diesem Update. Für Pixel 4 und Pixel 4 XL endet der Support im Oktober 2022.

2022-05-01 security patch level vulnerability details

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-05-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerabilityseverity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

Framework

The most severe vulnerability in this section could lead to local escalation of privilege with User execution privileges needed.

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2021-39662A-197302116EoPHigh11, 12
CVE-2022-20004A-179699767EoPHigh10, 11, 12, 12L
CVE-2022-20005A-219044664EoPHigh10, 11, 12, 12L
CVE-2022-20007A-211481342EoPHigh10, 11, 12, 12L
CVE-2021-39700A-201645790IDModerate10, 11, 12

System

The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed.

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2022-20113A-205996517EoPHigh12, 12L
CVE-2022-20114A-211114016EoPHigh10, 11, 12, 12L
CVE-2022-20116A-212467440EoPHigh12, 12L
CVE-2022-20010A-213519176IDHigh12, 12L
CVE-2022-20011A-214999128IDHigh10, 11, 12, 12L
CVE-2022-20115A-210118427IDHigh12, 12L
CVE-2021-39670A-204087139DoSHigh12, 12L
CVE-2022-20112A-206987762DoSHigh10, 11, 12, 12L

Google Play system updates

The following issues are included in Project Mainline components.

ComponentCVE
MediaProviderCVE-2021-39662

2022-05-05 security patch level vulnerability details

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-05-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerabilityseverity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

Kernel components

The most severe vulnerability in this section could lead to local escalation of privilege in system libraries with no additional execution privileges needed.

CVEReferencesTypeSeverityComponent
CVE-2022-0847A-220741611
Upstream kernel [2] [3]
EoPHighpipes
CVE-2022-20009A-213172319
Upstream kernel [2]
EoPHighLinux
CVE-2022-20008A-216481035
Upstream kernel [2] [3]
IDHighSD MMC
CVE-2021-22600A-213464034
Upstream kernel
EoPModerateKernel

MediaTek components

These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek.

CVEReferencesSeverityComponent
CVE-2022-20084A-223071148
M-ALPS06498874 *
Hightelephony
CVE-2022-20109A-223072269
M-ALPS06399915 *
Highion
CVE-2022-20110A-223071150
M-ALPS06399915 *
Highion

Qualcomm components

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

CVEReferencesSeverityComponent
CVE-2022-22057A-218337595
QC-CR#3077687
HighDisplay
CVE-2022-22064A-218338071
QC-CR#3042282
QC-CR#3048959
QC-CR#3056532
QC-CR#3049158 [2]
HighWLAN
CVE-2022-22065A-218337597
QC-CR#3042293
QC-CR#3064612
HighWLAN
CVE-2022-22068A-218337596
QC-CR#3084983 [2]
HighKernel
CVE-2022-22072A-218339149
QC-CR#3073345 [2]
HighWLAN

Qualcomm closed-source components

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

CVEReferencesSeverityComponent
CVE-2021-35090A-204905205*CriticalClosed-source component
CVE-2021-35072A-204905110*HighClosed-source component
CVE-2021-35073A-204905209*HighClosed-source component
CVE-2021-35076A-204905151*HighClosed-source component
CVE-2021-35078A-204905326*HighClosed-source component
CVE-2021-35080A-204905287*HighClosed-source component
CVE-2021-35086A-204905289*HighClosed-source component
CVE-2021-35087A-204905111*HighClosed-source component
CVE-2021-35094A-204905838*HighClosed-source component
CVE-2021-35096A-204905290*HighClosed-source component
CVE-2021-35116A-209469826*HighClosed-source component

Details findest du unter: Android Security Bulletin—May 2022  |  Android Open Source Project

Ersten Kommentar schreiben

Antworten

Deine E-Mail-Adresse wird nicht veröffentlicht.


*


Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.