Google fixes Critical Remote Code Execution issue in Android System component

Pierluigi Paganini March 03, 2021

Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in the System component.

Google released security updates to address 37 vulnerabilities as part of the Android security updates for March 2021, the most severe one is a critical flaw in the System component tracked as CVE-2021-0397.

Google addressed the flaw as part of the 2021-03-01 security patch level.

The CVE-2021-0397 vulnerability is a remote code execution issue and that affects Android 8.1, 9, 10, and 11 releases.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” reads the advisory published by Google.

The tech giant also fixed a total of 27 other security flaws as part of the 2021-03-05 security patch level, including one in Kernel components, four in Qualcomm components, and 22 in Qualcomm closed-source components.

5 out of 27 issues were rated as critical (CVE-2020-11192, CVE-2020-11204, CVE-2020-11218, CVE-2020-11227, CVE-2020-11228) and affect Qualcomm closed-source components.

Google’s March 2021 Android Security Bulletin also includes the fix for the CVE-2021-0390 flaw in Project Mainline components, which affects Wi-Fi.

Why does this bulletin have two security patch levels?

  • “Devices that use the 2021-03-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
  • Devices that use the security patch level of 2021-03-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Google)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment