Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0049
Android Security Bulletin - March 2018
6 March 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Android devices
Operating System: Android
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2017-18069 CVE-2017-18068 CVE-2017-18067
CVE-2017-18064 CVE-2017-18063 CVE-2017-18056
CVE-2017-17773 CVE-2017-16535 CVE-2017-16533
CVE-2017-16531 CVE-2017-16530 CVE-2017-16529
CVE-2017-16525 CVE-2017-15821 CVE-2017-15815
CVE-2017-14885 CVE-2017-14882 CVE-2017-14878
CVE-2017-13272 CVE-2017-13266 CVE-2017-13262
CVE-2017-13261 CVE-2017-13260 CVE-2017-13259
CVE-2017-13258 CVE-2017-13257 CVE-2017-13256
CVE-2017-13255 CVE-2017-13253 CVE-2017-13252
CVE-2017-13251 CVE-2017-13250 CVE-2017-13249
CVE-2017-13248 CVE-2017-6286 CVE-2017-6281
CVE-2016-10393
Member content until: Thursday, April 5 2018
OVERVIEW
Multiple vulnerabilities have been identified in Android prior to
versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. [1]
IMPACT
The vendor has provided the following information:
"2018-03-01 security patch level vulnerability details
In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2018-03-01 patch level. Vulnerabilities are
grouped under the component that they affect. There is a description of the
issue and a table with the CVE, associated references, type of vulnerability,
severity, and updated AOSP versions (where applicable). When available, we link
the public change that addressed the issue to the bug ID, like the AOSP change
list. When multiple changes relate to a single bug, additional references are
linked to numbers following the bug ID.
Media framework
The most severe vulnerability in this section could enable a remote attacker
using a specially crafted file to execute arbitrary code within the context of
a privileged process.
CVE References Type Severity Updated AOSP versions
CVE-2017-13248 A-70349612 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
CVE-2017-13249 A-70399408 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
CVE-2017-13250 A-71375536 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
CVE-2017-13251 A-69269702 EoP Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
CVE-2017-13252 A-70526702 EoP High 8.0, 8.1
CVE-2017-13253 A-71389378 EoP High 8.0, 8.1
System
The most severe vulnerability in this section could enable a proximate attacker
to execute arbitrary code within the context of a privileged process.
CVE References Type Severity Updated AOSP versions
CVE-2017-13255 A-68776054 RCE Critical 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
CVE-2017-13256 A-68817966 RCE Critical 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
CVE-2017-13272 A-67110137 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1
CVE-2017-13266 A-69478941 RCE Critical 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
CVE-2017-13257 A-67110692 ID High 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
CVE-2017-13258 A-67863755 ID High 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
CVE-2017-13259 A-68161546 ID High 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
CVE-2017-13260 A-69177251 ID High 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
CVE-2017-13261 A-69177292 ID High 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
CVE-2017-13262 A-69271284 ID High 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0, 8.1
2018-03-05 security patch level vulnerability details
In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2018-03-05 patch level. Vulnerabilities are
grouped under the component that they affect and include details such as the
CVE, associated references, type of vulnerability, severity, component (where
applicable), and updated AOSP versions (where applicable). When available, we
link the public change that addressed the issue to the bug ID, like the AOSP
change list. When multiple changes relate to a single bug, additional
references are linked to numbers following the bug ID.
Kernel components
The most severe vulnerability in this section could enable a local malicious
application to execute arbitrary code within the context of a privileged
process.
CVE References Type Severity Component
CVE-2017-16530 A-69051940 EoP High UAS driver
Upstream kernel
CVE-2017-16525 A-69050921 EoP High USB driver
Upstream kernel
CVE-2017-16535 A-69052675 ID High USB driver
Upstream kernel
CVE-2017-16533 A-69052348 ID High USB driver
Upstream kernel
CVE-2017-16531 A-69052055 ID High USB driver
Upstream kernel
CVE-2017-16529 A-69051731 ID High USB sound driver
Upstream kernel
NVIDIA components
The most severe vulnerability in this section could enable a local malicious
application to execute arbitrary code within the context of a privileged
process.
CVE References Type Severity Component
CVE-2017-6281 A-66969318* EoP High Libnvomx
N-CVE-2017-6281
CVE-2017-6286 A-64893247* EoP High Libnvomx
N-CVE-2017-6286
Qualcomm components
The most severe vulnerability in this section could enable a remote attacker
using a specially crafted file to execute arbitrary code within the context of
a privileged process.
CVE References Type Severity Component
CVE-2017-18067 A-68992411 RCE Critical Wireless network driver
QC-CR#2081734 [2]
CVE-2017-15815 A-68992395 RCE Critical WLAN
QC-CR#2093392
CVE-2017-18068 A-70799990 EoP High WLAN
QC-CR#2072064
CVE-2017-18056 A-70237692 EoP High WLAN
QC-CR#2119404
CVE-2017-18063 A-68992442 EoP High WLAN
QC-CR#2114776
CVE-2017-18064 A-68992438 EoP High WLAN
QC-CR#2114323
CVE-2017-15821 A-68992432 EoP High WLAN
QC-CR#2113072
CVE-2017-14885 A-70237686 EoP High WLAN
QC-CR#2113758
A-67582682*
CVE-2017-18069 QC-CR#2054772 QC-CR# ID High WLAN
2058471
CVE-2017-14882 A-68992424 ID High WLAN
QC-CR#2101439
CVE-2017-14878 A-70237706 DoS High Wireless network driver
QC-CR#2064580 [2] [ 3]
Qualcomm closed-source components
These vulnerabilities affect Qualcomm components and are described in further
detail in the appropriate Qualcomm AMSS security bulletin or security alert.
The severity assessment of these issues is provided directly by Qualcomm.
CVE References Type Severity Component
CVE-2017-17773 A-70221445 QC-CR#2125554* N/A Critical Closed-source component
CVE-2016-10393 A-68326806 QC-CR#1055934* N/A High Closed-source component
" [1]
MITIGATION
Android users are advised to update to the latest versions to
address these issues. [1]
REFERENCES
[1] Android Security Bulletin - March 2018
https://source.android.com/security/bulletin/2018-03-01
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWp4ppox+lLeg9Ub1AQhF7Q//VK3MYiTFnw8S8XADNhQsFaI3/oBEkfWA
NjlSWR8DQ2fwWzRWPooh+aEhV4H1N4HxSLXd9klPcWAnQBCkvl0hdKMd0LyNAFC9
iaok5AM5W8Or2+Jys4mWbYmwdel2/MoATI8Z50ApeGEZICj40WddQavVQc9/5ld2
dD6/latWn5TczELvOnge16Q8jqJK+EAtm3jsElMkXltXbWJpxlwrc4GZ7p1FiRLR
cKVjZUH9IAJr40juzfhcRv6U3ZHAIfLvpnBqrDtkiNq7t+dJyZv6ljUQxJbJT+4y
siR0UnZAV3JIco60B7VsQQ28A5rP29KlaGSfHK6REgVTzcfAWcDI2Kzoz6QWMKdw
jgzzVlgdJq7sNdH5aJwNkBZ+tQoNm9jMCjoS240Rwynwk3jj1CPSnJHxZZfXILm4
jckz8eLfjzFfE/ehJA1VCgsaVTkkS+wo13D3ssrdFiaThlTehHDPX+bhp/TxAXV3
oUw96XFSY78fdJ4/QPP7HqIsVamxhwSRxoPOaXX76Mum9JzH96DsA+WaVeJsS7RQ
kVqhjTA52UeNr7cVHq/f5Uwj+FW8/Pn4ySHlDkGAupju5QfXuYyGoDS+ga43w+a0
cvn5whELHWni5bEIHsR1HdelDBHZX4vknGUdbr0jUIqmPsv2FVcGlnpwt6KGBFtm
nZi21TNF6XM=
=VQk1
-----END PGP SIGNATURE-----