-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0040
                 Android Security Bulletin - February 2018
                              6 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Android
Operating System:     Android
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Access Privileged Data          -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-17770 CVE-2017-17767 CVE-2017-17765
                      CVE-2017-17764 CVE-2017-17762 CVE-2017-17761
                      CVE-2017-17760 CVE-2017-15829 CVE-2017-15820
                      CVE-2017-15817 CVE-2017-15265 CVE-2017-14910
                      CVE-2017-14884 CVE-2017-13247 CVE-2017-13238
                      CVE-2017-13236 CVE-2017-13234 CVE-2017-13233
                      CVE-2017-13232 CVE-2017-13231 CVE-2017-13230
                      CVE-2017-13228 CVE-2017-11041 CVE-2017-6279
                      CVE-2017-6258 CVE-2015-9016 
Member content until: Thursday, March  8 2018

OVERVIEW

        Multiple vulnerabilities have been identified in Android prior to 
        security patch level strings 2018-02-01 and 2018-02-05. [1]


IMPACT

        The vendor has provided the following information:
        
        "
        2018-02-01 security patch level--Vulnerability details
        
        In the sections below, we provide details for each of the security
        vulnerabilities that apply to the 2018-02-01 patch level. Vulnerabilities are
        grouped under the component that they affect. There is a description of the
        issue and a table with the CVE, associated references, type of vulnerability,
        severity, and updated AOSP versions (where applicable). When available, we link
        the public change that addressed the issue to the bug ID, like the AOSP change
        list. When multiple changes relate to a single bug, additional references are
        linked to numbers following the bug ID.
        
        
        Media framework
        
        The most severe vulnerability in this section could enable a remote attacker
        using a specially crafted file to execute arbitrary code within the context of a
        privileged process.
        
        +----------------+------------+------+----------+------------------------------------------------+
        | CVE            | References | Type | Severity | Updated AOSP versions                          |
        +================+============+======+==========+================================================+
        | CVE-2017-13228 | A-69478425 | RCE  | Critical | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1        |
        +----------------+------------+------+----------+------------------------------------------------+
        | CVE-2017-13231 | A-67962232 | EoP  | High     | 8.0, 8.1                                       |
        +----------------+------------+------+----------+------------------------------------------------+
        | CVE-2017-13232 | A-68953950 | ID   | High     | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
        +----------------+------------+------+----------+------------------------------------------------+
        | CVE-2017-13230 | A-65483665 | DoS  | High     | 7.0, 7.1.1, 7.1.2, 8.0, 8.1                    |
        |                |            +------+----------+------------------------------------------------+
        |                |            | RCE  | Critical | 5.1.1, 6.0, 6.0.1                              |
        +----------------+------------+------+----------+------------------------------------------------+
        | CVE-2017-13233 | A-62851602 | DoS  | High     | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
        +----------------+------------+------+----------+------------------------------------------------+
        | CVE-2017-13234 | A-68159767 | DoS  | High     | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
        +----------------+------------+------+----------+------------------------------------------------+
        
        
        System
        
        The most severe vulnerability in this section could enable a local malicious
        application to execute commands normally limited to privileged processes.
        
        +----------------+------------+------+----------+-----------------------+
        | CVE            | References | Type | Severity | Updated AOSP versions |
        +================+============+======+==========+=======================+
        | CVE-2017-13236 | A-68217699 | EoP  | Moderate | 8.0, 8.1              |
        +----------------+------------+------+----------+-----------------------+
        
        In the sections below, we provide details for each of the security
        vulnerabilities that apply to the 2018-02-05 patch level. Vulnerabilities are
        grouped under the component that they affect and include details such as the
        CVE, associated references, type of vulnerability, severity, component (where
        applicable), and updated AOSP versions (where applicable). When available, we
        link the public change that addressed the issue to the bug ID, like the AOSP
        change list. When multiple changes relate to a single bug, additional references
        are linked to numbers following the bug ID.
        
        
        HTC components
        
        The most severe vulnerability in this section could enable a local malicious
        application to obtain unauthorized access to data.
        
        +----------------+-------------+------+----------+------------+
        | CVE            | References  | Type | Severity | Component  |
        +================+=============+======+==========+============+
        | CVE-2017-13238 | A-64610940* | ID   | High     | Bootloader |
        +----------------+-------------+------+----------+------------+
        | CVE-2017-13247 | A-71486645* | EoP  | Moderate | Bootloader |
        +----------------+-------------+------+----------+------------+
        
        
        Kernel components
        
        The most severe vulnerability in this section could enable a local malicious
        application to execute arbitrary code within the context of a privileged
        process.
        
        +----------------+-----------------+------+----------+----------------------+
        | CVE            | References      | Type | Severity | Component            |
        +================+=================+======+==========+======================+
        | CVE-2017-15265 | A-67900971      | EoP  | High     | ALSA                 |
        |                |                 |      |          |                      |
        |                | Upstream kernel |      |          |                      |
        +----------------+-----------------+------+----------+----------------------+
        | CVE-2015-9016  | A-63083046      | EoP  | High     | Multi-queue block IO |
        |                |                 |      |          |                      |
        |                | Upstream kernel |      |          |                      |
        +----------------+-----------------+------+----------+----------------------+
        | CVE-2017-17770 | A-65853158*     | EoP  | High     | Kernel               |
        +----------------+-----------------+------+----------+----------------------+
        
        
        NVIDIA components
        
        The most severe vulnerability in this section could enable a local malicious
        application to execute arbitrary code within the context of a privileged
        process.
        
        +---------------+-------------------------+------+----------+-----------------+
        | CVE           | References              | Type | Severity | Component       |
        +===============+=========================+======+==========+=================+
        | CVE-2017-6279 | A-65023166*             | EoP  | High     | Media framework |
        |               |                         |      |          |                 |
        |               |         N-CVE-2017-6279 |      |          |                 |
        +---------------+-------------------------+------+----------+-----------------+
        | CVE-2017-6258 | A-38027496*             | EoP  | High     | Media framework |
        |               |                         |      |          |                 |
        |               |         N-CVE-2017-6258 |      |          |                 |
        +---------------+-------------------------+------+----------+-----------------+
        
        
        Qualcomm components
        
        The most severe vulnerability in this section could enable a remote attacker
        using a specially crafted file to execute arbitrary code within the context of a
        privileged process.
        
        +----------------+-----------------------+------+----------+-----------------+
        | CVE            | References            | Type | Severity | Component       |
        +================+=======================+======+==========+=================+
        | CVE-2017-15817 | A-68992394            | RCE  | Critical | WLan            |
        |                |                       |      |          |                 |
        |                | QC-CR#2076603         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-17760 | A-68992416            | RCE  | Critical | WLan            |
        |                | QC-CR#2082544         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-11041 | A-35269676*           | EoP  | High     | Media framework |
        |                |                       |      |          |                 |
        |                |         QC-CR#2053101 |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-17767 | A-64750179*           | EoP  | High     | Media framework |
        |                |                       |      |          |                 |
        |                |         QC-CR#2115779 |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-17765 | A-68992445            | EoP  | High     | WLan            |
        |                |                       |      |          |                 |
        |                | QC-CR#2115112         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-17762 | A-68992439            | EoP  | High     | WLan            |
        |                |                       |      |          |                 |
        |                | QC-CR#2114426         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-14884 | A-68992429            | EoP  | High     | WLan            |
        |                |                       |      |          |                 |
        |                | QC-CR#2113052         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-15829 | A-68992397            | EoP  | High     | Graphics_Linux  |
        |                |                       |      |          |                 |
        |                | QC-CR#2097917         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-15820 | A-68992396            | EoP  | High     | Graphics_Linux  |
        |                |                       |      |          |                 |
        |                | QC-CR#2093377         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-17764 | A-68992443            | EoP  | High     | WLan            |
        |                |                       |      |          |                 |
        |                | QC-CR#2114789         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        | CVE-2017-17761 | A-68992434            | EoP  | High     | WLan            |
        |                |                       |      |          |                 |
        |                | QC-CR#2114187         |      |          |                 |
        +----------------+-----------------------+------+----------+-----------------+
        
        
        Qualcomm closed-source components
        
        These vulnerabilities affect Qualcomm components and are described in further
        detail in the appropriate Qualcomm AMSS security bulletin or security alert. The
        severity assessment of these issues is provided directly by Qualcomm.
        
        +----------------+-------------+------+----------+-------------------------+
        | CVE            | References  | Type | Severity | Component               |
        +================+=============+======+==========+=========================+
        | CVE-2017-14910 | A-62212114* | N/A  | High     | Closed-source component |
        +----------------+-------------+------+----------+-------------------------+
        "


MITIGATION

        Google advises it has released over-the-air (OTA) updates for Nexus
        and Pixel devices, and partner updates have been released to the 
        Android Open Source Project (AOSP). Android users are advised to 
        update to the latest versions to address these issues. [1]


REFERENCES

        [1] Android Security Bulletin - February 2018
            https://source.android.com/security/bulletin/2018-02-01

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWnkn2Ix+lLeg9Ub1AQgI9BAAi8a7cVTeKYBrNtv+y6SEafFWpQHypg50
uCdn7sfQ+r+Ri/8c3WOz37JtNYaAXBIIx8rMDmnULlmcJ0puv8wPGS9QicUSJ6Ju
U2Kc2yXtFZtoz5im6krfGhe3gldcnlrORII0Kcb7Lkg9JNgiSz7Etki6fxcRpSpY
ndUrjIGWjlSJJif8sRWI/UoPHhf2kMPt/1zXWpfEiJqOc1NXHWubXKywC+frnTnP
KntCZbODu6w6dcWDojQWkfIDNWYte7JCxUlAh37zHXTHT4gG/Uvhmc8y1+1QOwTK
Z0a3QOFxapYmOJBbSZRuS7BJk1J1FdJ7HGiFUBkms5vt5k1KTpUl1PZoZc/lWfs4
Rc6TBlPFhrfv8aTq9feeqM1+vL2TCeSIMDYFTkvDRyE94e0XUbt44kVQGYYFzIGl
U13sHg5nzM1mL/hr9dliwpP7mZEobdXBGLEjWVbOuYNuxDTIg/ryDazmx64v30JF
UNHJgkLL7kAX+ovrG7cKtQC7PLINB52PjnM6cR9XlT8yRzYdm1VaH7Ar8um44wjl
k/lYM3EpfHM/MECXUbxXOYd84x2cyyKJpShtlYfyEl5QA/iLPvnmCNwYM42WM94n
pLaLKK4myjuvdlqxHnUYnnH/m1USFRQx9qU0aPH+0Tys7JQxEwTAYl5Dl75MOUwL
pFbr8fJvdzY=
=9ULb
-----END PGP SIGNATURE-----