https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13: 3 vulnerabilities (highest severity is: 9.8)

Question

https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13: 3 vulnerabilities (highest severity is: 9.8)

mend-bolt-for-github opened this issue 2 years ago · 0 comments

mend-bolt-for-github commented 2 years ago

Vulnerable Library - https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13

AOSP Platform External WPA Supplicant 8

Library home page: https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/

Vulnerable Source Files (2)

/src/p2p/p2p_pd.c
/src/p2p/p2p_pd.c

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in	Remediation Available
CVE-2021-0516	High	9.8	https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13	Direct	android-11.0.0_r38	❌
CVE-2021-27803	High	7.5	https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13	Direct	wpa_supplicant - 2.6-12,2.9-2,2.7-2,2.9-2,2.9-2,2.9-2,2.9-2,2.6-12,2.7-2,2.9-2,2.7-2,2.9-2,2.6-12,2.9-2,2.9-2,2.7-2,2.6-12,2.9-2,2.7-2;wpa_supplicant-debugsource - 2.7-2,2.9-2,2.9-2;wpa_supplicant-debuginfo - 2.9-2,2.9-2,2.6-12,2.7-2	❌
CVE-2021-30004	Medium	5.3	multiple	Direct	wpa-supplicant - 2.9	❌

Details

CVE-2021-0516

Vulnerable Library - https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13

AOSP Platform External WPA Supplicant 8

Library home page: https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/

Found in base branch: master

Vulnerable Source Files (2)

/src/p2p/p2p_pd.c
/src/p2p/p2p_pd.c

Vulnerability Details

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448

Publish Date: 2021-06-21

URL: CVE-2021-0516

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://source.android.com/security/bulletin/2021-06-01

Release Date: 2021-06-21

Fix Resolution: android-11.0.0_r38

Step up your Open Source Security Game with WhiteSource here

CVE-2021-27803

Vulnerable Library - https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13

AOSP Platform External WPA Supplicant 8

Library home page: https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/

Found in base branch: master

Vulnerable Source Files (2)

/src/p2p/p2p_pd.c
/src/p2p/p2p_pd.c

Vulnerability Details

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

Publish Date: 2021-02-26

URL: CVE-2021-27803

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-27803

Release Date: 2021-02-26

Fix Resolution: wpa_supplicant - 2.6-12,2.9-2,2.7-2,2.9-2,2.9-2,2.9-2,2.9-2,2.6-12,2.7-2,2.9-2,2.7-2,2.9-2,2.6-12,2.9-2,2.9-2,2.7-2,2.6-12,2.9-2,2.7-2;wpa_supplicant-debugsource - 2.7-2,2.9-2,2.9-2;wpa_supplicant-debuginfo - 2.9-2,2.9-2,2.6-12,2.7-2

Step up your Open Source Security Game with WhiteSource here

CVE-2021-30004

Vulnerable Libraries - https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13, https://source.codeaurora.org/external/imx/aosp/platform/external/wpa_supplicant_8/android-mainline-10.0.0_r13

Vulnerability Details

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.

Publish Date: 2021-04-02

URL: CVE-2021-30004

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-30004

Release Date: 2021-04-02

Fix Resolution: wpa-supplicant - 2.9

Step up your Open Source Security Game with WhiteSource here