-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0124
                   Android Security Bulletin - June 2018
                                5 June 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Android
Operating System:     Android
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-9409 CVE-2018-9373 CVE-2018-9372
                      CVE-2018-9371 CVE-2018-9370 CVE-2018-9369
                      CVE-2018-9368 CVE-2018-9367 CVE-2018-9366
                      CVE-2018-9364 CVE-2018-9363 CVE-2018-9362
                      CVE-2018-9361 CVE-2018-9360 CVE-2018-9359
                      CVE-2018-9358 CVE-2018-9357 CVE-2018-9356
                      CVE-2018-9355 CVE-2018-9348 CVE-2018-9347
                      CVE-2018-9346 CVE-2018-9345 CVE-2018-9344
                      CVE-2018-9341 CVE-2018-9340 CVE-2018-9339
                      CVE-2018-9338 CVE-2018-5896 CVE-2018-5894
                      CVE-2018-5892 CVE-2018-5891 CVE-2018-5885
                      CVE-2018-5884 CVE-2018-5854 CVE-2018-5835
                      CVE-2018-5834 CVE-2018-5831 CVE-2018-5830
                      CVE-2018-5829 CVE-2018-5146 CVE-2018-3569
                      CVE-2017-18159 CVE-2017-18158 CVE-2017-18157
                      CVE-2017-18156 CVE-2017-18155 CVE-2017-17807
                      CVE-2017-17806 CVE-2017-17558 CVE-2017-13230
                      CVE-2017-13227 CVE-2017-13077 CVE-2017-6294
                      CVE-2017-6292 CVE-2017-6290 
Member content until: Thursday, July  5 2018
Reference:            ASB-2018.0060
                      ESB-2018.1441
                      ESB-2018.1321
                      ESB-2018.0776
                      ESB-2018.0775
                      ESB-2018.0774

OVERVIEW

        Multiple vulnerabilities have been identified in Android prior to 
        versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. [1]


IMPACT

        The vendor has provided the following information:
        
        "2018-06-01 security patch level vulnerability details
        
        In the sections below, we provide details for each of the security
        vulnerabilities that apply to the 2018-06-01 patch level. Vulnerabilities are
        grouped under the component that they affect. There is a description of the
        issue and a table with the CVE, associated references, type of vulnerability,
        severity, and updated AOSP versions (where applicable). When available, we link
        the public change that addressed the issue to the bug ID, like the AOSP change
        list. When multiple changes relate to a single bug, additional references are
        linked to numbers following the bug ID.
        
        Framework
        
        The most severe vulnerability in this section could enable a local malicious
        application to bypass user interaction requirements in order to gain access to
        additional permissions.
        
             CVE       References Type Severity          Updated AOSP versions
        CVE-2018-9338  A-71361168 EoP  High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9339  A-71508348 EoP  High     8.0, 8.1
        CVE-2017-13227 A-69981710 ID   High     8.0, 8.1
        CVE-2018-9340  A-71360999 ID   High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        
        Media framework
        
        The most severe vulnerability in this section could enable a remote attacker
        using a specially crafted file to execute arbitrary code within the context of
        a privileged process.
        
             CVE       References Type Severity          Updated AOSP versions
        CVE-2018-9341  A-74016277 RCE  Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-5146  A-77284393 RCE  Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2017-13230 A-65483665 RCE  Critical 6.0
        CVE-2018-9344  A-73172817 EoP  High     8.1
        CVE-2018-9345  A-77238250 ID   High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9346  A-77238762 ID   High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9347  A-68664359 DoS  High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9348  A-68953854 DoS  High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        
        System
        
        The most severe vulnerability in this section could enable a remote attacker
        using a specially crafted file to execute arbitrary code within the context of
        a privileged process.
        
             CVE      References Type Severity          Updated AOSP versions
        CVE-2018-9355 A-74016921 RCE  Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9356 A-74950468 RCE  Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9357 A-74947856 EoP  High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9358 A-73172115 ID   High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9359 A-74196706 ID   High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9360 A-74201143 ID   High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9361 A-74202041 ID   High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        CVE-2018-9362 A-72298611 DoS  High     6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
        
        2018-06-05 security patch level--Vulnerability details
        
        In the sections below, we provide details for each of the security
        vulnerabilities that apply to the 2018-06-05 patch level. Vulnerabilities are
        grouped under the component that they affect and include details such as the
        CVE, associated references, type of vulnerability, severity, component (where
        applicable), and updated AOSP versions (where applicable). When available, we
        link the public change that addressed the issue to the bug ID, like the AOSP
        change list. When multiple changes relate to a single bug, additional
        references are linked to numbers following the bug ID.
        
        Kernel components
        
        The most severe vulnerability in this section could enable a local malicious
        application to execute arbitrary code within the context of a privileged
        process.
        
             CVE         References    Type Severity Component
        CVE-2018-9363  A-65853588*     EoP  High     bluetooth
        CVE-2017-17806 A-71752561      EoP  High     crypto
                       Upstream kernel
        CVE-2017-17807 A-71751178      EoP  High     Keyring
                       Upstream kernel
        CVE-2017-17558 A-71751622      EoP  High     USB
                       Upstream kernel
        
        LG components
        
        The most severe vulnerability in this section could enable a local attacker to
        bypass user interaction requirements in order to gain access to additional
        permissions.
        
             CVE      References  Type Severity Component
        CVE-2018-9364 A-69163111* EoP  Critical Bootloader
        
        Media framework
        
        The most severe vulnerability in this section could enable a local malicious
        application to bypass user interaction requirements in order to gain access to
        additional permissions.
        
             CVE       References   Type Severity Updated AOSP versions
        CVE-2018-9409 A-63144992    EoP  High     8.1
                      QC-CR#2114346
        
        MediaTek components
        
        The most severe vulnerability in this section could enable a remote attacker to
        execute arbitrary code within the context of the TCB.
        
             CVE        References   Type Severity     Component
        CVE-2018-9373 A-71867247*    EoP  Critical Mediatek WLAN TDLS
                      M-ALPS03740330
        CVE-2018-9366 A-72314499*    EoP  High     IMSA
                      M-ALPS03762526
        CVE-2018-9367 A-72314219*    EoP  High     Cameratool CCAP
                      M-ALPS03762692
        CVE-2018-9368 A-70727446*    EoP  High     mtksocaudio
                      M-ALPS03730693
        CVE-2018-9369 A-70514573*    EoP  High     bootloader
                      M-ALPS03666161
        CVE-2018-9370 A-70515281*    EoP  High     bootloader
                      M-ALPS03693488
        CVE-2018-9371 A-70515752*    EoP  High     Bootloader
                      M-ALPS03683903
        CVE-2018-9372 A-70730215*    EoP  High     bootloader
                      M-ALPS03676237
        
        NVIDIA components
        
        The most severe vulnerability in this section could enable a local malicious
        application to execute arbitrary code within the context of a privileged
        process.
        
             CVE      References  Type Severity     Component
        CVE-2017-6290 A-69559414* EoP  High     TLK TrustZone
                      N-200373895
        CVE-2017-6294 A-69316825* EoP  High     NVIDIA Tegra X1 TZ
                      N-200369095
        CVE-2017-6292 A-69480285* EoP  High     TLZ TrustZone
                      N-200373888
        
        Qualcomm components
        
        The most severe vulnerability in this section could enable a local attacker to
        bypass user interaction requirements in order to gain access to additional
        permissions.
        
             CVE                    References               Type Severity  Component
        CVE-2017-18158 A-68992400                            EoP  Critical Bootloader
                       QC-CR#2104056
        CVE-2018-3569  A-74237215                            EoP  Critical WLAN Host
                       QC-CR#2161920
        CVE-2017-18155 A-66734153*                           RCE  Critical Hardware
                       QC-CR#1050893                                       codec
        CVE-2018-5854  A-71800779                            EoP  Critical Bootloader
                       QC-CR#2183877
        CVE-2017-13077 A-63165064*                           EoP  High     WLAN
        CVE-2018-5896  A-70399602*                           ID   High     Diag driver
                       QC-CR#2163793
        CVE-2018-5829  A-74237546                            ID   High     WLAN
                       QC-CR#2151241
                       A-68992405
        CVE-2017-18159 QC-CR#2105697                         EoP  High     Bootloader
        
        CVE-2017-18158 A-67782849*                           EoP  High     Bootloader
                       QC-CR#2104056
        CVE-2018-5835  A-74237148                            EoP  High     WLAN Host
                       QC-CR#2153553
        CVE-2018-5834  A-74237804                            EoP  High     WLAN
                       QC-CR#2153326
        CVE-2018-5831  A-74237606                            EoP  High     GPU driver
                       QC-CR#2161310
        CVE-2018-5830  A-74237532                            EoP  High     WLAN Host
                       QC-CR#2157917
        
        Qualcomm closed-source components
        
        These vulnerabilities affect Qualcomm components and are described in further
        detail in the appropriate Qualcomm AMSS security bulletin or security alert.
        The severity assessment of these issues is provided directly by Qualcomm.
        
             CVE       References  Type Severity        Component
        CVE-2017-18157 A-73539080* N/A  High     Closed-source component
        CVE-2017-18156 A-73539065* N/A  High     Closed-source component
        CVE-2018-5892  A-72951191* N/A  High     Closed-source component
        CVE-2018-5891  A-72950815* N/A  High     Closed-source component
        CVE-2018-5885  A-72950554* N/A  High     Closed-source component
        CVE-2018-5894  A-74236854* N/A  High     Closed-source component
        CVE-2018-5884  A-74235510* N/A  High     Closed-source component"[1]


MITIGATION

        Android users are advised to update to the latest versions to 
        address these issues. [1]


REFERENCES

        [1] Android Security Bulletin - June 2018
            https://source.android.com/security/bulletin/2018-06-01

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWxXoqWaOgq3Tt24GAQhUEBAAsX1lEtQO99QJp4kkVj03G6bnUzSmqaw4
FSazrxpl5rDOPikp4jkdypdeSzmEI7Cssye9F+8C5IicA1WLG6NQEtAoCWm8N0IM
3yZCIweCxMF1YBco+ELp50KN2jQ8TahyzHx6uTUS7zjxU5QFKf8kAVxXJBHDOi9K
PBksxNuCcSd2z5U2L3NiVlQQdsoQErZeUZdCkkGkNS0u21z77xx23nweK83HnOl4
rgDXgNZHjB942yt3jmobcjMO2887E3bcKV5yIfqXuq3owSIjTb5NxVqQ9eHQ7ajH
OdwlfU15CO65XFeAk7UPihcZTa2Q7XSnmteYjNkHfjETDxww7Oq5K8FB4C7P8Gmk
i1ZVh+gJCGpeZY3clBajqxCPWInXazYomzn7JuCdQDGJhRXSuJpn/G+NMLzlDz76
UY/Yi1Kgaf3ZdMN8eKzHCfNTiG36KOOWmtJJXkuAz2ihk6UyjTpJEy/ER7KFybNH
J5ffO54Au/rSe7qXzIKI4Kp6czK+D+zw6gLGnSXdYuOS3hhFxK09kCyxEzAffNGc
ZDVsO9c1g3Jd+zGq0Up5XvFYmjbQhddfxpXeIa8V7NWB/hGkaK36EYEU4t5KxvkO
5QxzfEgqhRG4gaXLswaRmmfteYMDE8xs8x/N5wsVdX8BlZKSsIzQRP14j4zW23+m
gA3U6tX6dsQ=
=6dO1
-----END PGP SIGNATURE-----