Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0032 Multiple vulnerabilities have been identified in Android prior to security patch level string 2017-04-05. 4 April 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Google Nexus devices Operating System: Android Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-6426 CVE-2017-6425 CVE-2017-6424 CVE-2017-6423 CVE-2017-0586 CVE-2017-0585 CVE-2017-0584 CVE-2017-0583 CVE-2017-0582 CVE-2017-0581 CVE-2017-0580 CVE-2017-0579 CVE-2017-0578 CVE-2017-0577 CVE-2017-0576 CVE-2017-0575 CVE-2017-0574 CVE-2017-0573 CVE-2017-0572 CVE-2017-0571 CVE-2017-0570 CVE-2017-0569 CVE-2017-0568 CVE-2017-0567 CVE-2017-0566 CVE-2017-0565 CVE-2017-0564 CVE-2017-0563 CVE-2017-0562 CVE-2017-0561 CVE-2017-0560 CVE-2017-0559 CVE-2017-0558 CVE-2017-0557 CVE-2017-0556 CVE-2017-0555 CVE-2017-0554 CVE-2017-0553 CVE-2017-0552 CVE-2017-0551 CVE-2017-0550 CVE-2017-0549 CVE-2017-0548 CVE-2017-0547 CVE-2017-0546 CVE-2017-0545 CVE-2017-0544 CVE-2017-0543 CVE-2017-0542 CVE-2017-0541 CVE-2017-0540 CVE-2017-0539 CVE-2017-0538 CVE-2017-0462 CVE-2017-0454 CVE-2017-0339 CVE-2017-0332 CVE-2017-0330 CVE-2017-0329 CVE-2017-0328 CVE-2017-0327 CVE-2017-0325 CVE-2016-10244 CVE-2016-10239 CVE-2016-10238 CVE-2016-10237 CVE-2016-10236 CVE-2016-10235 CVE-2016-10234 CVE-2016-10233 CVE-2016-10232 CVE-2016-10231 CVE-2016-10230 CVE-2016-10229 CVE-2016-8489 CVE-2016-8465 CVE-2016-7097 CVE-2016-5349 CVE-2016-5346 CVE-2016-5129 CVE-2015-9003 CVE-2015-9002 CVE-2015-9001 CVE-2015-9000 CVE-2015-8999 CVE-2015-8998 CVE-2015-8997 CVE-2015-8996 CVE-2015-8995 CVE-2014-9937 CVE-2014-9936 CVE-2014-9935 CVE-2014-9934 CVE-2014-9933 CVE-2014-9932 CVE-2014-9931 CVE-2014-9922 CVE-2014-4656 CVE-2014-3145 CVE-2014-2706 CVE-2014-1739 CVE-2014-0206 Member content until: Thursday, May 4 2017 Reference: ASB-2017.0002 ASB-2016.0077 ESB-2017.0757 ESB-2014.1028 ESB-2014.0893 ESB-2014.0831 OVERVIEW Multiple vulnerabilities have been identified in Android prior to security patch level string 2017-04-05. [1] IMPACT The vendor has provided the following information: "Security patch levels of 2017-04-01 or later must address the following issues. Issue CVE Severity Affects Google devices? Remote code execution vulnerability in Mediaserver CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, CVE-2017-0542, CVE-2017-0543 Critical Yes Elevation of privilege vulnerability in CameraBase CVE-2017-0544 High Yes Elevation of privilege vulnerability in Audioserver CVE-2017-0545 High Yes Elevation of privilege vulnerability in SurfaceFlinger CVE-2017-0546 High Yes Information disclosure vulnerability in Mediaserver CVE-2017-0547 High Yes Denial of service vulnerability in libskia CVE-2017-0548 High Yes Denial of service vulnerability in Mediaserver CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552 High Yes Elevation of privilege vulnerability in libnl CVE-2017-0553 Moderate Yes Elevation of privilege vulnerability in Telephony CVE-2017-0554 Moderate Yes Information disclosure vulnerability in Mediaserver CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558 Moderate Yes Information disclosure vulnerability in libskia CVE-2017-0559 Moderate Yes Information disclosure vulnerability in Factory Reset CVE-2017-0560 Moderate Yes 2017-04-05 security patch level-Vulnerability summary Security patch levels of 2017-04-05 or later must address all of the 2017-04-01 issues, as well as the following issues. Issue CVE Severity Affects Google devices? Remote code execution vulnerability in Broadcom Wi-Fi firmware CVE-2017-0561 Critical Yes Remote code execution vulnerability in Qualcomm crypto engine driver CVE-2016-10230 Critical Yes Remote code execution vulnerability in kernel networking subsystem CVE-2016-10229 Critical Yes Elevation of privilege vulnerability in MediaTek touchscreen driver CVE-2017-0562 Critical No* Elevation of privilege vulnerability in HTC touchscreen driver CVE-2017-0563 Critical Yes Elevation of privilege vulnerability in kernel ION subsystem CVE-2017-0564 Critical Yes Vulnerabilities in Qualcomm components CVE-2016-10237, CVE-2016-10238, CVE-2016-10239 Critical Yes Remote code execution vulnerability in v8 CVE-2016-5129 High Yes Remote code execution vulnerability in Freetype CVE-2016-10244 High Yes Elevation of privilege vulnerability in kernel sound subsystem CVE-2014-4656 High Yes Elevation of privilege vulnerability in NVIDIA crypto driver CVE-2017-0339, CVE-2017-0332, CVE-2017-0327 High Yes Elevation of privilege vulnerability in MediaTek thermal driver CVE-2017-0565 High No* Elevation of privilege vulnerability in MediaTek camera driver CVE-2017-0566 High No* Elevation of privilege vulnerability in Broadcom Wi-Fi driver CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574 High Yes Elevation of privilege vulnerability in Qualcomm Wi-Fi driver CVE-2017-0575 High Yes Elevation of privilege vulnerability in NVIDIA I2C HID driver CVE-2017-0325 High Yes Elevation of privilege vulnerability in Qualcomm audio driver CVE-2017-0454 High Yes Elevation of privilege vulnerability in Qualcomm crypto engine driver CVE-2017-0576 High Yes Elevation of privilege vulnerability in HTC touchscreen driver CVE-2017-0577 High No* Elevation of privilege vulnerability in DTS sound driver CVE-2017-0578 High No* Elevation of privilege vulnerability in Qualcomm sound codec driver CVE-2016-10231 High Yes Elevation of privilege vulnerability in Qualcomm video driver CVE-2017-0579, CVE-2016-10232, CVE-2016-10233 High Yes Elevation of privilege vulnerability in NVIDIA boot and power management processor driver CVE-2017-0329 High Yes Elevation of privilege vulnerability in Synaptics touchscreen driver CVE-2017-0580, CVE-2017-0581 High No* Elevation of privilege vulnerability in Qualcomm Seemp driver CVE-2017-0462 High Yes Elevation of privilege vulnerability in Qualcomm Kyro L2 driver CVE-2017-6423 High Yes Elevation of privilege vulnerability in kernel file system CVE-2014-9922 High Yes Information disclosure vulnerability in kernel memory subsystem CVE-2014-0206 High Yes Information disclosure vulnerability in kernel networking subsystem CVE-2014-3145 High Yes Information disclosure vulnerability in Qualcomm TrustZone CVE-2016-5349 High Yes Information disclosure vulnerability in Qualcomm IPA driver CVE-2016-10234 High Yes Denial of service vulnerability in kernel networking subsystem CVE-2014-2706 High Yes Denial of service vulnerability in Qualcomm Wi-Fi driver CVE-2016-10235 High No* Elevation of privilege vulnerability in kernel file system CVE-2016-7097 Moderate Yes Elevation of privilege vulnerability in Qualcomm Wi-Fi driver CVE-2017-6424 Moderate Yes Elevation of privilege vulnerability in Broadcom Wi-Fi driver CVE-2016-8465 Moderate Yes Elevation of privilege vulnerability in HTC OEM fastboot command CVE-2017-0582 Moderate Yes Elevation of privilege vulnerability in Qualcomm CP access driver CVE-2017-0583 Moderate Yes Information disclosure vulnerability in kernel media driver CVE-2014-1739 Moderate Yes Information disclosure vulnerability in Qualcomm Wi-Fi driver CVE-2017-0584 Moderate Yes Information disclosure vulnerability in Broadcom Wi-Fi driver CVE-2017-0585 Moderate Yes Information disclosure vulnerability in Qualcomm Avtimer driver CVE-2016-5346 Moderate Yes Information disclosure vulnerability in Qualcomm video driver CVE-2017-6425 Moderate Yes Information disclosure vulnerability in Qualcomm USB driver CVE-2016-10236 Moderate Yes Information disclosure vulnerability in Qualcomm sound driver CVE-2017-0586 Moderate Yes Information disclosure vulnerability in Qualcomm SPMI driver CVE-2017-6426 Moderate Yes Information disclosure vulnerability in NVIDIA crypto driver CVE-2017-0328, CVE-2017-0330 Moderate No* Vulnerabilities in Qualcomm components** CVE-2014-9931, CVE-2014-9932, CVE-2014-9933, CVE-2014-9934, CVE-2014-9935, CVE-2014-9936, CVE-2014-9937, CVE-2015-8995, CVE-2015-8996, CVE-2015-8997, Critical No* CVE-2015-8998, CVE-2015-8999, CVE-2015-9000, CVE-2015-9001, CVE-2015-9002, CVE-2015-9003, CVE-2016-8489 * Supported Google devices on Android 7.0 or later that have installed all available updates are not affected by this vulnerability. ** These vulnerabilities affecting Qualcomm components were released by Qualcomm to their partners as part of Qualcomm AMSS security bulletins between 2014–2016." [1] MITIGATION Google advises it has released over-the-air (OTA) updates for Nexus, and partner updates have been released to the Android Open Source Project (AOSP). Android users are advised to update to the latest versions to address these issues. [1] REFERENCES [1] Android Security Bulletin—April 2017 https://source.android.com/security/bulletin/2017-04-01.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWOMs+Ix+lLeg9Ub1AQghfQ//du4hzk44/DlpDqfzEmmYZVWJoOFj8H/p EsI8m7E5v6cfzjc6j2ch1R3Akjm5FCKJm4/EaWj4JjeiHjNTTFNRupNf2/k3LKbg Z6hWUvizbWpA0LHcXHmTadTrs0k3QzYBYaO09qbdtiJx0UEQZkANaN/io5R/becT 9f68zFPzBbAPsMwhzPbwqCvME2dJ1mklBOoFXXDat5qcT/phoUzCV0djE6tk7bIa GKXfGGnHFvVdBYhApMHifEA14gurIBVlBBeawhOrLLz54v/lFFNVn4Fd7uL5P5HL pAulsBfRhShoNcdN5+rxhj8XqQq2VAn496IqupqdR9onGAujUZFeW3Pw3zP9lQt6 18XvUOuqj5lNzfEPt0spG2c33OZPSqzjM7K1YzZ2Q05DaYptANeWwywgPCOUfCg/ MbRpYEvCGj6kn7EbeN+2mt85lTIJ42heQWGKqtj9110HtCXbSfLJgG0yW3sYfwmG Ji8vPphL54rpiWN/s5gUg8WJXaFpwSMzyutyyfsQd0+qet6yqcHd7voJWpgMC20A Wy+OfBcw0QaLAavsMnPHByJtQTAV1pQBUyDzvIiWhfnJY0jYJtTn6AtjnSi0U2W/ 6lgY90VjgL36TiTRU7JyFLdOopAtwB1hYS1BX0Hs3XW15AJBruDW/bK5vBqgKVTi 6XrUGwtlGZ0= =hK4e -----END PGP SIGNATURE-----