Operating System:

[Android]

Published:

06 September 2017

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0141
                 Android Security Bulletin—September 2017
                             6 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Nexus devices
Operating System:     Android
Impact/Access:        Root Compromise          -- Existing Account      
                      Increased Privileges     -- Existing Account      
                      Denial of Service        -- Remote/Unauthenticated
                      Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-12146 CVE-2017-11041 CVE-2017-11040
                      CVE-2017-11002 CVE-2017-11001 CVE-2017-11000
                      CVE-2017-10999 CVE-2017-10998 CVE-2017-10997
                      CVE-2017-10996 CVE-2017-9725 CVE-2017-9724
                      CVE-2017-9720 CVE-2017-9677 CVE-2017-9676
                      CVE-2017-9150 CVE-2017-9076 CVE-2017-8890
                      CVE-2017-8281 CVE-2017-8280 CVE-2017-8278
                      CVE-2017-8277 CVE-2017-8251 CVE-2017-8250
                      CVE-2017-8247 CVE-2017-7616 CVE-2017-7495
                      CVE-2017-7487 CVE-2017-7065 CVE-2017-6983
                      CVE-2017-6346 CVE-2017-6214 CVE-2017-5897
                      CVE-2017-0804 CVE-2017-0803 CVE-2017-0802
                      CVE-2017-0801 CVE-2017-0800 CVE-2017-0799
                      CVE-2017-0798 CVE-2017-0797 CVE-2017-0796
                      CVE-2017-0795 CVE-2017-0794 CVE-2017-0793
                      CVE-2017-0792 CVE-2017-0791 CVE-2017-0790
                      CVE-2017-0789 CVE-2017-0788 CVE-2017-0787
                      CVE-2017-0786 CVE-2017-0784 CVE-2017-0780
                      CVE-2017-0779 CVE-2017-0778 CVE-2017-0777
                      CVE-2017-0776 CVE-2017-0775 CVE-2017-0774
                      CVE-2017-0773 CVE-2017-0772 CVE-2017-0771
                      CVE-2017-0770 CVE-2017-0769 CVE-2017-0768
                      CVE-2017-0767 CVE-2017-0766 CVE-2017-0765
                      CVE-2017-0764 CVE-2017-0763 CVE-2017-0762
                      CVE-2017-0761 CVE-2017-0760 CVE-2017-0759
                      CVE-2017-0758 CVE-2017-0757 CVE-2017-0756
                      CVE-2017-0755 CVE-2017-0753 CVE-2017-0752
Member content until: Friday, October  6 2017
Reference:            ASB-2017.0067
                      ESB-2017.2150.2
                      ESB-2017.1966
                      ESB-2017.1890

OVERVIEW

        Multiple vulnerabilities have been identified in Android prior to 
        security patch level strings 2017-09-01 and 2017-09-05. [1]


IMPACT

        The vendor has provided the following information:
        
        "2017-09-01 security patch level—Vulnerability details
        
        In the sections below, we provide details for each of the security 
        vulnerabilities that apply to the 2017-09-01 patch level. 
        Vulnerabilities are grouped under the component that they affect. 
        There is a description of the issue and a table with the CVE, 
        associated references, type of vulnerability, severity, and updated
        AOSP versions (where applicable). When available, we link the public
        change that addressed the issue to the bug ID, like the AOSP change
        list. When multiple changes relate to a single bug, additional 
        references are linked to numbers following the bug ID.
        
        Framework
        
        The most severe vulnerability in this section could enable a local 
        malicious application to bypass user interaction requirements in 
        order to gain access to additional permissions.
        
        CVE References Type Severity Updated AOSP versions
        
        CVE-2017-0752 A-62196835 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 
        7.0, 7.1.1, 7.1.2
        
        Libraries
        
        The most severe vulnerability in this section could enable a remote
        attacker using a specially crafted file to execute arbitrary code 
        within the context of an unprivileged process.
        
        CVE References Type Severity Updated AOSP versions
        
        CVE-2017-0753 A-62218744 RCE High 7.1.1, 7.1.2, 8.0
        
        CVE-2017-6983 A-63852675 RCE High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 
        7.0, 7.1.1, 7.1.2, 8.0
        
        CVE-2017-0755 A-32178311 EoP High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 
        7.1.1, 7.1.2, 8.0
        
        Media Framework
        
        The most severe vulnerability in this section could enable a remote
        attacker using a specially crafted file to execute arbitrary code 
        within the context of a privileged process.
        
        CVE References Type Severity Updated AOSP versions
        
        CVE-2017-0756 A-34621073 RCE Critical 4.4.4, 5.0.2, 5.1.1, 6.0, 
        6.0.1, 7.0, 7.1.1, 7.1.2
        
        CVE-2017-0757 A-36006815 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
        
        CVE-2017-0758 A-36492741 RCE Critical 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
        7.1.1, 7.1.2
        
        CVE-2017-0759 A-36715268 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
        
        CVE-2017-0760 A-37237396 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
        
        CVE-2017-0761 A-38448381 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
        8.0
        
        CVE-2017-0762 A-62214264 RCE Critical 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
        7.1.1, 7.1.2
        
        CVE-2017-0763 A-62534693 RCE Critical 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
        7.1.1, 7.1.2, 8.0
        
        CVE-2017-0764 A-62872015 RCE Critical 4.4.4, 5.0.2, 5.1.1, 6.0, 
        6.0.1, 7.0, 7.1.1, 7.1.2, 8.0
        
        CVE-2017-0765 A-62872863 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
        8.0
        
        CVE-2017-0766 A-37776688 RCE High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 
        7.0, 7.1.1, 7.1.2
        
        CVE-2017-0767 A-37536407 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 
        7.0, 7.1.1, 7.1.2
        
        CVE-2017-0768 A-62019992 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 
        7.0, 7.1.1, 7.1.2, 8.0
        
        CVE-2017-0769 A-37662122 EoP High 7.0, 7.1.1, 7.1.2, 8.0
        
        CVE-2017-0770 A-38234812 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 
        7.0, 7.1.1, 7.1.2, 8.0
        
        CVE-2017-0771 A-37624243 DoS High 7.0, 7.1.1, 7.1.2
        
        CVE-2017-0772 A-38115076 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0
        
        CVE-2017-0773 A-37615911 DoS High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 
        7.1.1, 7.1.2, 8.0
        
        CVE-2017-0774 A-62673844 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 
        7.0, 7.1.1, 7.1.2
        
        CVE-2017-0775 A-62673179 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 
        7.0, 7.1.1, 7.1.2, 8.0
        
        CVE-2017-0776 A-38496660 ID Moderate 7.0, 7.1.1, 7.1.2, 8.0
        
        DoS High 6.0.1
        
        CVE-2017-0777 A-38342499 ID Moderate 7.0, 7.1.1, 7.1.2
        
        DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1
        
        CVE-2017-0778 A-62133227 ID Moderate 7.0, 7.1.1, 7.1.2
        
        DoS High 5.0.2, 5.1.1, 6.0, 6.0.1
        
        CVE-2017-0779 A-38340117 ID Moderate 4.4.4, 5.0.2, 5.1.1, 6.0, 
        6.0.1, 7.0, 7.1.1, 7.1.2
        
        Runtime
        
        The most severe vulnerability in this section could enable a remote
        attacker using a specially crafted file to cause an application to 
        hang.
        
        CVE References Type Severity Updated AOSP versions
        
        CVE-2017-0780 A-37742976 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0
        
        System
        
        The most severe vulnerability in this section could enable a local 
        malicious application to bypass user interaction requirements in 
        order to gain access to user data.
        
        CVE References Type Severity Updated AOSP versions
        
        CVE-2017-0784 A-37287958 EoP Moderate 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
        7.1.1, 7.1.2
        
        2017-09-05 security patch level—Vulnerability details
        
        In the sections below, we provide details for each of the security 
        vulnerabilities that apply to the 2017-09-05 patch level. 
        Vulnerabilities are grouped under the component that they affect and
        include details such as the CVE, associated references, type of 
        vulnerability, severity, component (where applicable), and updated 
        AOSP versions (where applicable). When available, we link the public
        change that addressed the issue to the bug ID, like the AOSP change
        list. When multiple changes relate to a single bug, additional 
        references are linked to numbers following the bug ID.
        
        Broadcom components
        
        The most severe vulnerability in this section could enable a 
        proximate attacker using a specially crafted file to execute 
        arbitrary code within the context of a privileged process.
        
        CVE References Type Severity Component
        
        CVE-2017-7065 A-62575138*
        
        B-V2017061202 RCE Critical Wi-Fi driver
        
        CVE-2017-0786 A-37351060*
        
        B-V2017060101 EoP High Wi-Fi driver
        
        CVE-2017-0787 A-37722970*
        
        B-V2017053104 EoP Moderate Wi-Fi driver
        
        CVE-2017-0788 A-37722328*
        
        B-V2017053103 EoP Moderate Wi-Fi driver
        
        CVE-2017-0789 A-37685267*
        
        B-V2017053102 EoP Moderate Wi-Fi driver
        
        CVE-2017-0790 A-37357704*
        
        B-V2017053101 EoP Moderate Wi-Fi driver
        
        CVE-2017-0791 A-37306719*
        
        B-V2017052302 EoP Moderate Wi-Fi driver
        
        CVE-2017-0792 A-37305578*
        
        B-V2017052301 ID Moderate Wi-Fi driver
        
        Imgtk components
        
        The most severe vulnerability in this section could enable a local 
        malicious application to access data outside of its permission 
        levels.
        
        CVE References Type Severity Component
        
        CVE-2017-0793 A-35764946* ID High Memory subsystem
        
        Kernel components
        
        The most severe vulnerability in this section could enable a remote
        attacker using a specially crafted file to execute arbitrary code 
        within the context of a privileged process.
        
        CVE References Type Severity Component
        
        CVE-2017-8890 A-38413975
        
        Upstream kernel RCE Critical Networking subsystem
        
        CVE-2017-9076 A-62299478
        
        Upstream kernel EoP High Networking subsystem
        
        CVE-2017-9150 A-62199770
        
        Upstream kernel ID High Linux kernel
        
        CVE-2017-7487 A-62070688
        
        Upstream kernel EoP High IPX protocol driver
        
        CVE-2017-6214 A-37901268
        
        Upstream kernel DoS High Networking subsystem
        
        CVE-2017-6346 A-37897645
        
        Upstream kernel EoP High Linux kernel
        
        CVE-2017-5897 A-37871211
        
        Upstream kernel ID High Networking subsystem
        
        CVE-2017-7495 A-62198330
        
        Upstream kernel ID High File system
        
        CVE-2017-7616 A-37751399
        
        Upstream kernel ID Moderate Linux kernel
        
        CVE-2017-12146 A-35676417
        
        Upstream kernel EoP Moderate Linux kernel
        
        CVE-2017-0794 A-35644812* EoP Moderate SCSI driver
        
        MediaTek components
        
        The most severe vulnerability in this section could enable a local 
        malicious application to execute arbitrary code within the context 
        of a privileged process.
        
        CVE References Type Severity Component
        
        CVE-2017-0795 A-36198473*
        
        M-ALPS03361480 EoP High Accessory detector driver
        
        CVE-2017-0796 A-62458865*
        
        M-ALPS03353884
        
        M-ALPS03353886
        
        M-ALPS03353887 EoP High AUXADC driver
        
        CVE-2017-0797 A-62459766*
        
        M-ALPS03353854 EoP High Accessory detector driver
        
        CVE-2017-0798 A-36100671*
        
        M-ALPS03365532 EoP High Kernel
        
        CVE-2017-0799 A-36731602*
        
        M-ALPS03342072 EoP High Lastbus
        
        CVE-2017-0800 A-37683975*
        
        M-ALPS03302988 EoP High TEEI
        
        CVE-2017-0801 A-38447970*
        
        M-ALPS03337980 EoP High LibMtkOmxVdec
        
        CVE-2017-0802 A-36232120*
        
        M-ALPS03384818 EoP Moderate Kernel
        
        CVE-2017-0803 A-36136137*
        
        M-ALPS03361477 EoP Moderate Accessory detector driver
        
        CVE-2017-0804 A-36274676*
        
        M-ALPS03361487 EoP Moderate MMC driver
        
        Qualcomm components
        
        The most severe vulnerability in this section could enable a remote
        attacker using a specially crafted file to execute arbitrary code 
        within the context of a privileged process.
        
        CVE References Type Severity Component
        
        CVE-2017-11041 A-36130225*
        
        QC-CR#2053101 RCE Critical LibOmxVenc
        
        CVE-2017-10996 A-38198574
        
        QC-CR#901529 ID High Linux kernel
        
        CVE-2017-9725 A-38195738
        
        QC-CR#896659 EoP High Memory subsystem
        
        CVE-2017-9724 A-38196929
        
        QC-CR#863303 EoP High Linux kernel
        
        CVE-2017-8278 A-62379474
        
        QC-CR#2013236 EoP High Audio driver
        
        CVE-2017-10999 A-36490777*
        
        QC-CR#2010713 EoP Moderate IPA driver
        
        CVE-2017-11001 A-36815555*
        
        QC-CR#270292 ID Moderate Wi-Fi driver
        
        CVE-2017-11002 A-37712167*
        
        QC-CR#2058452 QC-CR#2054690 QC-CR#2058455 ID Moderate Wi-Fi driver
        
        CVE-2017-8250 A-62379051
        
        QC-CR#2003924 EoP Moderate GPU driver
        
        CVE-2017-9677 A-62379475
        
        QC-CR#2022953 EoP Moderate Audio driver
        
        CVE-2017-10998 A-38195131
        
        QC-CR#108461 EoP Moderate Audio driver
        
        CVE-2017-9676 A-62378596
        
        QC-CR#2016517 ID Moderate File system
        
        CVE-2017-8280 A-62377236
        
        QC-CR#2015858 EoP Moderate WLAN driver
        
        CVE-2017-8251 A-62379525
        
        QC-CR#2006015 EoP Moderate Camera driver
        
        CVE-2017-10997 A-33039685*
        
        QC-CR#1103077 EoP Moderate PCI driver
        
        CVE-2017-11000 A-36136563*
        
        QC-CR#2031677 EoP Moderate Camera driver
        
        CVE-2017-8247 A-62378684
        
        QC-CR#2023513 EoP Moderate Camera driver
        
        CVE-2017-9720 A-36264696*
        
        QC-CR#2041066 EoP Moderate Camera driver
        
        CVE-2017-8277 A-62378788
        
        QC-CR#2009047 EoP Moderate Video driver
        
        CVE-2017-8281 A-62378232
        
        QC-CR#2015892 ID Moderate Automotive multimedia
        
        CVE-2017-11040 A-37567102*
        
        QC-CR#2038166 ID Moderate Video driver" [1]


MITIGATION

        Google advises it has released over-the-air (OTA) updates for Nexus and 
        Pixel devices,and partner updates have been released to the Android 
        Open Source Project (AOSP). Android users are advised to update to the 
        latest versions to address these issues. [1]


REFERENCES

        [1] Android Security Bulletin—September 2017
            https://source.android.com/security/bulletin/2017-09-01.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWa+NK4x+lLeg9Ub1AQjJRQ/+PFLris/iTrSQV6loukaGsURNiBdFmpmS
fbby3AFYupwgZ501OEEMuA17inS3IN6x7/Q8U/mkUPvVnQS5fdoi8UCm3jRbMq1O
2h3oB/lki+2JrLXOi/RZy5Nt8Id/fAisqm5UCtzXyBIzNpWHGHETKSO+arVrViMc
BPnubD4EJVeRKfeNNKhxgUzix1sFgGESonjMJ2BfaX71hPRUb9CoBMB/l89I/mX+
qDjTfxA2u3V8nYot9H/rBgA2JpssSnl16psH1Sf3znqKqzVPu9or8C1RC2qu4ikP
aUec2v/hYdSt+fTBB/aYP9W4z0d0y9d4AbDmOJyj0V10zI4U2J27CtVvU5wGcp8Y
HNBR124g7cMxyhu2Q19vaG8mWBjbWKQvhSA4BmpBVUQEy+064dEoIfyjGI/b/Xxl
nJXST0f0QKA/a/IF6h+mHGRHfP6dBbwi8H0avUqAv7d9G6jwg8IW4fM141/G3NdO
ZQRKPMagbe/uubBDqsLf4rrWNWAfMATk5Y1teaOhgaoFUbvSTkZrjfG/M62k3EZ+
EY5qctty9WuaApFD2iZTtQBHRhgRCS4aR24SPZckZwzPwyHVOHVAsDXZ2N0u26cY
d1O6e50PwFrKavSa7zFxzsHmi2pzMWatzes9uDneg2C7vIsYxiTcwBWQRfo2hAwx
ztL2yQVX4bk=
=lWdj
-----END PGP SIGNATURE-----