-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0032
         Multiple vulnerabilities have been identified in Android
             prior to security patch level string 2017-04-05.
                               4 April 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Nexus devices
Operating System:     Android
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                      Increased Privileges            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-6426 CVE-2017-6425 CVE-2017-6424
                      CVE-2017-6423 CVE-2017-0586 CVE-2017-0585
                      CVE-2017-0584 CVE-2017-0583 CVE-2017-0582
                      CVE-2017-0581 CVE-2017-0580 CVE-2017-0579
                      CVE-2017-0578 CVE-2017-0577 CVE-2017-0576
                      CVE-2017-0575 CVE-2017-0574 CVE-2017-0573
                      CVE-2017-0572 CVE-2017-0571 CVE-2017-0570
                      CVE-2017-0569 CVE-2017-0568 CVE-2017-0567
                      CVE-2017-0566 CVE-2017-0565 CVE-2017-0564
                      CVE-2017-0563 CVE-2017-0562 CVE-2017-0561
                      CVE-2017-0560 CVE-2017-0559 CVE-2017-0558
                      CVE-2017-0557 CVE-2017-0556 CVE-2017-0555
                      CVE-2017-0554 CVE-2017-0553 CVE-2017-0552
                      CVE-2017-0551 CVE-2017-0550 CVE-2017-0549
                      CVE-2017-0548 CVE-2017-0547 CVE-2017-0546
                      CVE-2017-0545 CVE-2017-0544 CVE-2017-0543
                      CVE-2017-0542 CVE-2017-0541 CVE-2017-0540
                      CVE-2017-0539 CVE-2017-0538 CVE-2017-0462
                      CVE-2017-0454 CVE-2017-0339 CVE-2017-0332
                      CVE-2017-0330 CVE-2017-0329 CVE-2017-0328
                      CVE-2017-0327 CVE-2017-0325 CVE-2016-10244
                      CVE-2016-10239 CVE-2016-10238 CVE-2016-10237
                      CVE-2016-10236 CVE-2016-10235 CVE-2016-10234
                      CVE-2016-10233 CVE-2016-10232 CVE-2016-10231
                      CVE-2016-10230 CVE-2016-10229 CVE-2016-8489
                      CVE-2016-8465 CVE-2016-7097 CVE-2016-5349
                      CVE-2016-5346 CVE-2016-5129 CVE-2015-9003
                      CVE-2015-9002 CVE-2015-9001 CVE-2015-9000
                      CVE-2015-8999 CVE-2015-8998 CVE-2015-8997
                      CVE-2015-8996 CVE-2015-8995 CVE-2014-9937
                      CVE-2014-9936 CVE-2014-9935 CVE-2014-9934
                      CVE-2014-9933 CVE-2014-9932 CVE-2014-9931
                      CVE-2014-9922 CVE-2014-4656 CVE-2014-3145
                      CVE-2014-2706 CVE-2014-1739 CVE-2014-0206
Member content until: Thursday, May  4 2017
Reference:            ASB-2017.0002
                      ASB-2016.0077
                      ESB-2017.0757
                      ESB-2014.1028
                      ESB-2014.0893
                      ESB-2014.0831

OVERVIEW

        Multiple vulnerabilities have been identified in Android 
        prior to security patch level string 2017-04-05. [1]


IMPACT

        The vendor has provided the following information:
        
        "Security patch levels of 2017-04-01 or later must address the following issues.
        
        Issue 	                                                CVE 	                                                                                    Severity 	Affects Google devices?
        Remote code execution vulnerability in Mediaserver  	CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, CVE-2017-0542, CVE-2017-0543    Critical 	Yes
        Elevation of privilege vulnerability in CameraBase  	CVE-2017-0544 	                                                                            High 	Yes
        Elevation of privilege vulnerability in Audioserver 	CVE-2017-0545 	                                                                            High 	Yes
        Elevation of privilege vulnerability in SurfaceFlinger 	CVE-2017-0546 	                                                                            High 	Yes
        Information disclosure vulnerability in Mediaserver 	CVE-2017-0547 	                                                                            High 	Yes
        Denial of service vulnerability in libskia          	CVE-2017-0548 	                                                                            High 	Yes
        Denial of service vulnerability in Mediaserver 	        CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552 	                            High 	Yes
        Elevation of privilege vulnerability in libnl       	CVE-2017-0553 	                                                                            Moderate 	Yes
        Elevation of privilege vulnerability in Telephony 	CVE-2017-0554 	                                                                            Moderate 	Yes
        Information disclosure vulnerability in Mediaserver 	CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558 	                            Moderate 	Yes
        Information disclosure vulnerability in libskia 	CVE-2017-0559 	                                                                            Moderate 	Yes
        Information disclosure vulnerability in Factory Reset 	CVE-2017-0560 	                                                                            Moderate 	Yes
        
        2017-04-05 security patch level-Vulnerability summary
        
        Security patch levels of 2017-04-05 or later must address all of the 2017-04-01 issues, as well as the following issues.
        Issue 	                                                                                    CVE 	                                                                                                                                                Severity 	Affects Google devices?
        Remote code execution vulnerability in Broadcom Wi-Fi firmware 	                            CVE-2017-0561 	                                                                                                                                        Critical 	Yes
        Remote code execution vulnerability in Qualcomm crypto engine driver 	                    CVE-2016-10230 	                                                                                                                                        Critical 	Yes
        Remote code execution vulnerability in kernel networking subsystem 	                    CVE-2016-10229 	                                                                                                                                        Critical 	Yes
        Elevation of privilege vulnerability in MediaTek touchscreen driver 	                    CVE-2017-0562 	                                                                                                                                        Critical 	No*
        Elevation of privilege vulnerability in HTC touchscreen driver 	                            CVE-2017-0563 	                                                                                                                                        Critical 	Yes
        Elevation of privilege vulnerability in kernel ION subsystem 	                            CVE-2017-0564 	                                                                                                                                        Critical 	Yes
        Vulnerabilities in Qualcomm components                                                      CVE-2016-10237, CVE-2016-10238, CVE-2016-10239 	                                                                                                        Critical 	Yes
        Remote code execution vulnerability in v8 	                                            CVE-2016-5129 	                                                                                                                                        High 	    Yes
        Remote code execution vulnerability in Freetype 	                                    CVE-2016-10244 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in kernel sound subsystem 	                            CVE-2014-4656 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in NVIDIA crypto driver 	                            CVE-2017-0339, CVE-2017-0332, CVE-2017-0327                                                                                                         	High 	    Yes
        Elevation of privilege vulnerability in MediaTek thermal driver 	                    CVE-2017-0565 	                                                                                                                                        High 	    No*
        Elevation of privilege vulnerability in MediaTek camera driver 	                            CVE-2017-0566 	                                                                                                                                        High 	    No*
        Elevation of privilege vulnerability in Broadcom Wi-Fi driver 	                            CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574 	                                High 	    Yes
        Elevation of privilege vulnerability in Qualcomm Wi-Fi driver 	                            CVE-2017-0575 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in NVIDIA I2C HID driver 	                            CVE-2017-0325 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in Qualcomm audio driver 	                            CVE-2017-0454 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in Qualcomm crypto engine driver 	                    CVE-2017-0576 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in HTC touchscreen driver                              CVE-2017-0577 	                                                                                                                                        High 	    No*
        Elevation of privilege vulnerability in DTS sound driver 	                            CVE-2017-0578 	                                                                                                                                        High 	    No*
        Elevation of privilege vulnerability in Qualcomm sound codec driver 	                    CVE-2016-10231 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in Qualcomm video driver 	                            CVE-2017-0579, CVE-2016-10232, CVE-2016-10233 	                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in NVIDIA boot and power management processor driver   CVE-2017-0329 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in Synaptics touchscreen driver 	                    CVE-2017-0580, CVE-2017-0581 	                                                                                                                        High 	    No*
        Elevation of privilege vulnerability in Qualcomm Seemp driver 	                            CVE-2017-0462 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in Qualcomm Kyro L2 driver 	                    CVE-2017-6423 	                                                                                                                                        High 	    Yes
        Elevation of privilege vulnerability in kernel file system          	                    CVE-2014-9922 	                                                                                                                                        High 	    Yes
        Information disclosure vulnerability in kernel memory subsystem 	                    CVE-2014-0206 	                                                                                                                                        High 	    Yes
        Information disclosure vulnerability in kernel networking subsystem 	                    CVE-2014-3145 	                                                                                                                                        High 	    Yes
        Information disclosure vulnerability in Qualcomm TrustZone 	                            CVE-2016-5349 	                                                                                                                                        High 	    Yes
        Information disclosure vulnerability in Qualcomm IPA driver 	                            CVE-2016-10234 	                                                                                                                                        High 	    Yes
        Denial of service vulnerability in kernel networking subsystem 	                            CVE-2014-2706 	                                                                                                                                        High 	    Yes
        Denial of service vulnerability in Qualcomm Wi-Fi driver 	                            CVE-2016-10235 	                                                                                                                                        High 	    No*
        Elevation of privilege vulnerability in kernel file system 	                            CVE-2016-7097 	                                                                                                                                        Moderate 	Yes
        Elevation of privilege vulnerability in Qualcomm Wi-Fi driver 	                            CVE-2017-6424 	                                                                                                                                        Moderate 	Yes
        Elevation of privilege vulnerability in Broadcom Wi-Fi driver 	                            CVE-2016-8465 	                                                                                                                                        Moderate 	Yes
        Elevation of privilege vulnerability in HTC OEM fastboot command 	                    CVE-2017-0582 	                                                                                                                                        Moderate 	Yes
        Elevation of privilege vulnerability in Qualcomm CP access driver 	                    CVE-2017-0583 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in kernel media driver 	                            CVE-2014-1739 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in Qualcomm Wi-Fi driver 	                            CVE-2017-0584 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in Broadcom Wi-Fi driver 	                            CVE-2017-0585 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in Qualcomm Avtimer driver 	                    CVE-2016-5346 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in Qualcomm video driver 	                            CVE-2017-6425 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in Qualcomm USB driver 	                            CVE-2016-10236 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in Qualcomm sound driver 	                            CVE-2017-0586 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in Qualcomm SPMI driver 	                            CVE-2017-6426 	                                                                                                                                        Moderate 	Yes
        Information disclosure vulnerability in NVIDIA crypto driver 	                            CVE-2017-0328, CVE-2017-0330 	                                                                                                                        Moderate 	No*
        Vulnerabilities in Qualcomm components** 	                                            CVE-2014-9931, CVE-2014-9932, CVE-2014-9933, CVE-2014-9934, CVE-2014-9935, CVE-2014-9936, CVE-2014-9937, CVE-2015-8995, CVE-2015-8996, CVE-2015-8997,  	Critical 	No*
        											    CVE-2015-8998, CVE-2015-8999, CVE-2015-9000, CVE-2015-9001, CVE-2015-9002, CVE-2015-9003, CVE-2016-8489
        * Supported Google devices on Android 7.0 or later that have installed
        all available updates are not affected by this vulnerability.
        
        ** These vulnerabilities affecting Qualcomm components were released
        by Qualcomm to their partners as part of Qualcomm AMSS security 
        bulletins between 2014–2016." [1]                                                                                  


MITIGATION

        Google advises it has released over-the-air (OTA) updates for Nexus,
        and partner updates have been released to the Android Open Source 
        Project (AOSP). Android users are advised to update to the latest 
        versions to address these issues. [1]


REFERENCES

        [1] Android Security Bulletin—April 2017
            https://source.android.com/security/bulletin/2017-04-01.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWOMs+Ix+lLeg9Ub1AQghfQ//du4hzk44/DlpDqfzEmmYZVWJoOFj8H/p
EsI8m7E5v6cfzjc6j2ch1R3Akjm5FCKJm4/EaWj4JjeiHjNTTFNRupNf2/k3LKbg
Z6hWUvizbWpA0LHcXHmTadTrs0k3QzYBYaO09qbdtiJx0UEQZkANaN/io5R/becT
9f68zFPzBbAPsMwhzPbwqCvME2dJ1mklBOoFXXDat5qcT/phoUzCV0djE6tk7bIa
GKXfGGnHFvVdBYhApMHifEA14gurIBVlBBeawhOrLLz54v/lFFNVn4Fd7uL5P5HL
pAulsBfRhShoNcdN5+rxhj8XqQq2VAn496IqupqdR9onGAujUZFeW3Pw3zP9lQt6
18XvUOuqj5lNzfEPt0spG2c33OZPSqzjM7K1YzZ2Q05DaYptANeWwywgPCOUfCg/
MbRpYEvCGj6kn7EbeN+2mt85lTIJ42heQWGKqtj9110HtCXbSfLJgG0yW3sYfwmG
Ji8vPphL54rpiWN/s5gUg8WJXaFpwSMzyutyyfsQd0+qet6yqcHd7voJWpgMC20A
Wy+OfBcw0QaLAavsMnPHByJtQTAV1pQBUyDzvIiWhfnJY0jYJtTn6AtjnSi0U2W/
6lgY90VjgL36TiTRU7JyFLdOopAtwB1hYS1BX0Hs3XW15AJBruDW/bK5vBqgKVTi
6XrUGwtlGZ0=
=hK4e
-----END PGP SIGNATURE-----