Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2017.0141
Android Security Bulletin—September 2017
6 September 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Nexus devices
Operating System: Android
Impact/Access: Root Compromise -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2017-12146 CVE-2017-11041 CVE-2017-11040
CVE-2017-11002 CVE-2017-11001 CVE-2017-11000
CVE-2017-10999 CVE-2017-10998 CVE-2017-10997
CVE-2017-10996 CVE-2017-9725 CVE-2017-9724
CVE-2017-9720 CVE-2017-9677 CVE-2017-9676
CVE-2017-9150 CVE-2017-9076 CVE-2017-8890
CVE-2017-8281 CVE-2017-8280 CVE-2017-8278
CVE-2017-8277 CVE-2017-8251 CVE-2017-8250
CVE-2017-8247 CVE-2017-7616 CVE-2017-7495
CVE-2017-7487 CVE-2017-7065 CVE-2017-6983
CVE-2017-6346 CVE-2017-6214 CVE-2017-5897
CVE-2017-0804 CVE-2017-0803 CVE-2017-0802
CVE-2017-0801 CVE-2017-0800 CVE-2017-0799
CVE-2017-0798 CVE-2017-0797 CVE-2017-0796
CVE-2017-0795 CVE-2017-0794 CVE-2017-0793
CVE-2017-0792 CVE-2017-0791 CVE-2017-0790
CVE-2017-0789 CVE-2017-0788 CVE-2017-0787
CVE-2017-0786 CVE-2017-0784 CVE-2017-0780
CVE-2017-0779 CVE-2017-0778 CVE-2017-0777
CVE-2017-0776 CVE-2017-0775 CVE-2017-0774
CVE-2017-0773 CVE-2017-0772 CVE-2017-0771
CVE-2017-0770 CVE-2017-0769 CVE-2017-0768
CVE-2017-0767 CVE-2017-0766 CVE-2017-0765
CVE-2017-0764 CVE-2017-0763 CVE-2017-0762
CVE-2017-0761 CVE-2017-0760 CVE-2017-0759
CVE-2017-0758 CVE-2017-0757 CVE-2017-0756
CVE-2017-0755 CVE-2017-0753 CVE-2017-0752
Member content until: Friday, October 6 2017
Reference: ASB-2017.0067
ESB-2017.2150.2
ESB-2017.1966
ESB-2017.1890
OVERVIEW
Multiple vulnerabilities have been identified in Android prior to
security patch level strings 2017-09-01 and 2017-09-05. [1]
IMPACT
The vendor has provided the following information:
"2017-09-01 security patch level—Vulnerability details
In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2017-09-01 patch level.
Vulnerabilities are grouped under the component that they affect.
There is a description of the issue and a table with the CVE,
associated references, type of vulnerability, severity, and updated
AOSP versions (where applicable). When available, we link the public
change that addressed the issue to the bug ID, like the AOSP change
list. When multiple changes relate to a single bug, additional
references are linked to numbers following the bug ID.
Framework
The most severe vulnerability in this section could enable a local
malicious application to bypass user interaction requirements in
order to gain access to additional permissions.
CVE References Type Severity Updated AOSP versions
CVE-2017-0752 A-62196835 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,
7.0, 7.1.1, 7.1.2
Libraries
The most severe vulnerability in this section could enable a remote
attacker using a specially crafted file to execute arbitrary code
within the context of an unprivileged process.
CVE References Type Severity Updated AOSP versions
CVE-2017-0753 A-62218744 RCE High 7.1.1, 7.1.2, 8.0
CVE-2017-6983 A-63852675 RCE High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,
7.0, 7.1.1, 7.1.2, 8.0
CVE-2017-0755 A-32178311 EoP High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1.1, 7.1.2, 8.0
Media Framework
The most severe vulnerability in this section could enable a remote
attacker using a specially crafted file to execute arbitrary code
within the context of a privileged process.
CVE References Type Severity Updated AOSP versions
CVE-2017-0756 A-34621073 RCE Critical 4.4.4, 5.0.2, 5.1.1, 6.0,
6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0757 A-36006815 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0758 A-36492741 RCE Critical 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1.1, 7.1.2
CVE-2017-0759 A-36715268 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0760 A-37237396 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0761 A-38448381 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0
CVE-2017-0762 A-62214264 RCE Critical 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1.1, 7.1.2
CVE-2017-0763 A-62534693 RCE Critical 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1.1, 7.1.2, 8.0
CVE-2017-0764 A-62872015 RCE Critical 4.4.4, 5.0.2, 5.1.1, 6.0,
6.0.1, 7.0, 7.1.1, 7.1.2, 8.0
CVE-2017-0765 A-62872863 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2,
8.0
CVE-2017-0766 A-37776688 RCE High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,
7.0, 7.1.1, 7.1.2
CVE-2017-0767 A-37536407 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,
7.0, 7.1.1, 7.1.2
CVE-2017-0768 A-62019992 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,
7.0, 7.1.1, 7.1.2, 8.0
CVE-2017-0769 A-37662122 EoP High 7.0, 7.1.1, 7.1.2, 8.0
CVE-2017-0770 A-38234812 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,
7.0, 7.1.1, 7.1.2, 8.0
CVE-2017-0771 A-37624243 DoS High 7.0, 7.1.1, 7.1.2
CVE-2017-0772 A-38115076 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0
CVE-2017-0773 A-37615911 DoS High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1.1, 7.1.2, 8.0
CVE-2017-0774 A-62673844 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,
7.0, 7.1.1, 7.1.2
CVE-2017-0775 A-62673179 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,
7.0, 7.1.1, 7.1.2, 8.0
CVE-2017-0776 A-38496660 ID Moderate 7.0, 7.1.1, 7.1.2, 8.0
DoS High 6.0.1
CVE-2017-0777 A-38342499 ID Moderate 7.0, 7.1.1, 7.1.2
DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1
CVE-2017-0778 A-62133227 ID Moderate 7.0, 7.1.1, 7.1.2
DoS High 5.0.2, 5.1.1, 6.0, 6.0.1
CVE-2017-0779 A-38340117 ID Moderate 4.4.4, 5.0.2, 5.1.1, 6.0,
6.0.1, 7.0, 7.1.1, 7.1.2
Runtime
The most severe vulnerability in this section could enable a remote
attacker using a specially crafted file to cause an application to
hang.
CVE References Type Severity Updated AOSP versions
CVE-2017-0780 A-37742976 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0
System
The most severe vulnerability in this section could enable a local
malicious application to bypass user interaction requirements in
order to gain access to user data.
CVE References Type Severity Updated AOSP versions
CVE-2017-0784 A-37287958 EoP Moderate 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1.1, 7.1.2
2017-09-05 security patch level—Vulnerability details
In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2017-09-05 patch level.
Vulnerabilities are grouped under the component that they affect and
include details such as the CVE, associated references, type of
vulnerability, severity, component (where applicable), and updated
AOSP versions (where applicable). When available, we link the public
change that addressed the issue to the bug ID, like the AOSP change
list. When multiple changes relate to a single bug, additional
references are linked to numbers following the bug ID.
Broadcom components
The most severe vulnerability in this section could enable a
proximate attacker using a specially crafted file to execute
arbitrary code within the context of a privileged process.
CVE References Type Severity Component
CVE-2017-7065 A-62575138*
B-V2017061202 RCE Critical Wi-Fi driver
CVE-2017-0786 A-37351060*
B-V2017060101 EoP High Wi-Fi driver
CVE-2017-0787 A-37722970*
B-V2017053104 EoP Moderate Wi-Fi driver
CVE-2017-0788 A-37722328*
B-V2017053103 EoP Moderate Wi-Fi driver
CVE-2017-0789 A-37685267*
B-V2017053102 EoP Moderate Wi-Fi driver
CVE-2017-0790 A-37357704*
B-V2017053101 EoP Moderate Wi-Fi driver
CVE-2017-0791 A-37306719*
B-V2017052302 EoP Moderate Wi-Fi driver
CVE-2017-0792 A-37305578*
B-V2017052301 ID Moderate Wi-Fi driver
Imgtk components
The most severe vulnerability in this section could enable a local
malicious application to access data outside of its permission
levels.
CVE References Type Severity Component
CVE-2017-0793 A-35764946* ID High Memory subsystem
Kernel components
The most severe vulnerability in this section could enable a remote
attacker using a specially crafted file to execute arbitrary code
within the context of a privileged process.
CVE References Type Severity Component
CVE-2017-8890 A-38413975
Upstream kernel RCE Critical Networking subsystem
CVE-2017-9076 A-62299478
Upstream kernel EoP High Networking subsystem
CVE-2017-9150 A-62199770
Upstream kernel ID High Linux kernel
CVE-2017-7487 A-62070688
Upstream kernel EoP High IPX protocol driver
CVE-2017-6214 A-37901268
Upstream kernel DoS High Networking subsystem
CVE-2017-6346 A-37897645
Upstream kernel EoP High Linux kernel
CVE-2017-5897 A-37871211
Upstream kernel ID High Networking subsystem
CVE-2017-7495 A-62198330
Upstream kernel ID High File system
CVE-2017-7616 A-37751399
Upstream kernel ID Moderate Linux kernel
CVE-2017-12146 A-35676417
Upstream kernel EoP Moderate Linux kernel
CVE-2017-0794 A-35644812* EoP Moderate SCSI driver
MediaTek components
The most severe vulnerability in this section could enable a local
malicious application to execute arbitrary code within the context
of a privileged process.
CVE References Type Severity Component
CVE-2017-0795 A-36198473*
M-ALPS03361480 EoP High Accessory detector driver
CVE-2017-0796 A-62458865*
M-ALPS03353884
M-ALPS03353886
M-ALPS03353887 EoP High AUXADC driver
CVE-2017-0797 A-62459766*
M-ALPS03353854 EoP High Accessory detector driver
CVE-2017-0798 A-36100671*
M-ALPS03365532 EoP High Kernel
CVE-2017-0799 A-36731602*
M-ALPS03342072 EoP High Lastbus
CVE-2017-0800 A-37683975*
M-ALPS03302988 EoP High TEEI
CVE-2017-0801 A-38447970*
M-ALPS03337980 EoP High LibMtkOmxVdec
CVE-2017-0802 A-36232120*
M-ALPS03384818 EoP Moderate Kernel
CVE-2017-0803 A-36136137*
M-ALPS03361477 EoP Moderate Accessory detector driver
CVE-2017-0804 A-36274676*
M-ALPS03361487 EoP Moderate MMC driver
Qualcomm components
The most severe vulnerability in this section could enable a remote
attacker using a specially crafted file to execute arbitrary code
within the context of a privileged process.
CVE References Type Severity Component
CVE-2017-11041 A-36130225*
QC-CR#2053101 RCE Critical LibOmxVenc
CVE-2017-10996 A-38198574
QC-CR#901529 ID High Linux kernel
CVE-2017-9725 A-38195738
QC-CR#896659 EoP High Memory subsystem
CVE-2017-9724 A-38196929
QC-CR#863303 EoP High Linux kernel
CVE-2017-8278 A-62379474
QC-CR#2013236 EoP High Audio driver
CVE-2017-10999 A-36490777*
QC-CR#2010713 EoP Moderate IPA driver
CVE-2017-11001 A-36815555*
QC-CR#270292 ID Moderate Wi-Fi driver
CVE-2017-11002 A-37712167*
QC-CR#2058452 QC-CR#2054690 QC-CR#2058455 ID Moderate Wi-Fi driver
CVE-2017-8250 A-62379051
QC-CR#2003924 EoP Moderate GPU driver
CVE-2017-9677 A-62379475
QC-CR#2022953 EoP Moderate Audio driver
CVE-2017-10998 A-38195131
QC-CR#108461 EoP Moderate Audio driver
CVE-2017-9676 A-62378596
QC-CR#2016517 ID Moderate File system
CVE-2017-8280 A-62377236
QC-CR#2015858 EoP Moderate WLAN driver
CVE-2017-8251 A-62379525
QC-CR#2006015 EoP Moderate Camera driver
CVE-2017-10997 A-33039685*
QC-CR#1103077 EoP Moderate PCI driver
CVE-2017-11000 A-36136563*
QC-CR#2031677 EoP Moderate Camera driver
CVE-2017-8247 A-62378684
QC-CR#2023513 EoP Moderate Camera driver
CVE-2017-9720 A-36264696*
QC-CR#2041066 EoP Moderate Camera driver
CVE-2017-8277 A-62378788
QC-CR#2009047 EoP Moderate Video driver
CVE-2017-8281 A-62378232
QC-CR#2015892 ID Moderate Automotive multimedia
CVE-2017-11040 A-37567102*
QC-CR#2038166 ID Moderate Video driver" [1]
MITIGATION
Google advises it has released over-the-air (OTA) updates for Nexus and
Pixel devices,and partner updates have been released to the Android
Open Source Project (AOSP). Android users are advised to update to the
latest versions to address these issues. [1]
REFERENCES
[1] Android Security Bulletin—September 2017
https://source.android.com/security/bulletin/2017-09-01.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWa+NK4x+lLeg9Ub1AQjJRQ/+PFLris/iTrSQV6loukaGsURNiBdFmpmS
fbby3AFYupwgZ501OEEMuA17inS3IN6x7/Q8U/mkUPvVnQS5fdoi8UCm3jRbMq1O
2h3oB/lki+2JrLXOi/RZy5Nt8Id/fAisqm5UCtzXyBIzNpWHGHETKSO+arVrViMc
BPnubD4EJVeRKfeNNKhxgUzix1sFgGESonjMJ2BfaX71hPRUb9CoBMB/l89I/mX+
qDjTfxA2u3V8nYot9H/rBgA2JpssSnl16psH1Sf3znqKqzVPu9or8C1RC2qu4ikP
aUec2v/hYdSt+fTBB/aYP9W4z0d0y9d4AbDmOJyj0V10zI4U2J27CtVvU5wGcp8Y
HNBR124g7cMxyhu2Q19vaG8mWBjbWKQvhSA4BmpBVUQEy+064dEoIfyjGI/b/Xxl
nJXST0f0QKA/a/IF6h+mHGRHfP6dBbwi8H0avUqAv7d9G6jwg8IW4fM141/G3NdO
ZQRKPMagbe/uubBDqsLf4rrWNWAfMATk5Y1teaOhgaoFUbvSTkZrjfG/M62k3EZ+
EY5qctty9WuaApFD2iZTtQBHRhgRCS4aR24SPZckZwzPwyHVOHVAsDXZ2N0u26cY
d1O6e50PwFrKavSa7zFxzsHmi2pzMWatzes9uDneg2C7vIsYxiTcwBWQRfo2hAwx
ztL2yQVX4bk=
=lWdj
-----END PGP SIGNATURE-----