SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (Other)  >   Google Android Vendors:   Google
Google Android Multiple Flaws Let Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privileges and Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1038201
SecurityTracker URL:  http://securitytracker.com/id/1038201
CVE Reference:   CVE-2014-0206, CVE-2014-1739, CVE-2014-2706, CVE-2014-3145, CVE-2014-4656, CVE-2014-9922, CVE-2014-9931, CVE-2014-9932, CVE-2014-9933, CVE-2014-9934, CVE-2014-9935, CVE-2014-9936, CVE-2014-9937, CVE-2015-8995, CVE-2015-8996, CVE-2015-8997, CVE-2015-8998, CVE-2015-8999, CVE-2015-9000, CVE-2015-9001, CVE-2015-9002, CVE-2015-9003, CVE-2016-10229, CVE-2016-10230, CVE-2016-10231, CVE-2016-10232, CVE-2016-10233, CVE-2016-10234, CVE-2016-10235, CVE-2016-10236, CVE-2016-10237, CVE-2016-10238, CVE-2016-10239, CVE-2016-10242, CVE-2016-10244, CVE-2016-5129, CVE-2016-5346, CVE-2016-5349, CVE-2016-7097, CVE-2016-8465, CVE-2017-0325, CVE-2017-0327, CVE-2017-0328, CVE-2017-0329, CVE-2017-0330, CVE-2017-0332, CVE-2017-0339, CVE-2017-0454, CVE-2017-0462, CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, CVE-2017-0542, CVE-2017-0543, CVE-2017-0544, CVE-2017-0545, CVE-2017-0546, CVE-2017-0547, CVE-2017-0548, CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552, CVE-2017-0553, CVE-2017-0554, CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558, CVE-2017-0559, CVE-2017-0560, CVE-2017-0561, CVE-2017-0562, CVE-2017-0563, CVE-2017-0564, CVE-2017-0565, CVE-2017-0566, CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574, CVE-2017-0575, CVE-2017-0576, CVE-2017-0577, CVE-2017-0578, CVE-2017-0579, CVE-2017-0580, CVE-2017-0581, CVE-2017-0582, CVE-2017-0583, CVE-2017-0584, CVE-2017-0585, CVE-2017-0586, CVE-2017-6423, CVE-2017-6424, CVE-2017-6425, CVE-2017-6426   (Links to External Site)
Date:  Apr 7 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Google Android. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions on the target system. An application can obtain potentially sensitive information. An application user can obtain elevated privileges on the target system.

Remote code execution may occur in the Mediaserver component [CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, CVE-2017-0542, CVE-2017-0543].

Privilege escalation may occur in the CameraBase component [CVE-2017-0544].

Privilege escalation may occur in the Audioserver component [CVE-2017-0545].

Privilege escalation may occur in the SurfaceFlinger component [CVE-2017-0546].

Information disclosure may occur in the Mediaserver component [CVE-2017-0547].

Denial of service conditions may occur in the libskia component [CVE-2017-0548].

Denial of service conditions may occur in the Mediaserver component [CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552].

Privilege escalation may occur in the libnl component [CVE-2017-0553].

Privilege escalation may occur in the Telephony component [CVE-2017-0554].

Information disclosure may occur in the Mediaserver component [CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558].

Information disclosure may occur in the libskia component [CVE-2017-0559].

Information disclosure may occur in the Factory Reset component [CVE-2017-0560].

Remote code execution may occur in the Broadcom Wi-Fi firmware component [CVE-2017-0561].

Remote code execution may occur in the Qualcomm crypto engine driver component [CVE-2016-10230].

Remote code execution may occur in the kernel networking subsystem component [CVE-2016-10229].

Privilege escalation may occur in the MediaTek touchscreen driver component [CVE-2017-0562].

Privilege escalation may occur in the HTC touchscreen driver component [CVE-2017-0563].

Privilege escalation may occur in the kernel ION subsystem component [CVE-2017-0564].

Vulnerabilities may occur in Qualcomm components [CVE-2016-10237, CVE-2016-10238, CVE-2016-10239].

Remote code execution may occur in the v8 component [CVE-2016-5129].

Remote code execution may occur in the Freetype component [CVE-2016-10244].

Privilege escalation may occur in the kernel sound subsystem component [CVE-2014-4656].

Privilege escalation may occur in the NVIDIA crypto driver component [CVE-2017-0327, CVE-2017-0332, CVE-2017-0339].

Privilege escalation may occur in the MediaTek thermal driver component [CVE-2017-0565].

Privilege escalation may occur in the MediaTek camera driver component [CVE-2017-0566].

Privilege escalation may occur in the Broadcom Wi-Fi driver component [CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574].

Privilege escalation may occur in the Qualcomm Wi-Fi driver component [CVE-2017-0575].

Privilege escalation may occur in the NVIDIA I2C HID driver component [CVE-2017-0325].

Privilege escalation may occur in the Qualcomm audio driver component [CVE-2017-0454].

Privilege escalation may occur in the Qualcomm crypto engine driver component [CVE-2017-0576].

Privilege escalation may occur in the HTC touchscreen driver component [CVE-2017-0577].

Privilege escalation may occur in the DTS sound driver component [CVE-2017-0578].

Privilege escalation may occur in the Qualcomm sound codec driver component [CVE-2016-10231].

Privilege escalation may occur in the Qualcomm video driver component [CVE-2016-10232, CVE-2016-10233, CVE-2017-0579].

Privilege escalation may occur in the NVIDIA boot and power management processor component [CVE-2017-0329].

Privilege escalation may occur in the Synaptics touchscreen driver component [CVE-2017-0580, CVE-2017-0581].

Privilege escalation may occur in the Qualcomm Seemp driver component [CVE-2017-0462].

Privilege escalation may occur in the Qualcomm Kyro L2 driver component [CVE-2017-6423].

Privilege escalation may occur in the kernel file system component [CVE-2014-9922].

Information disclosure may occur in the kernel memory subsystem component [CVE-2014-0206].

Information disclosure may occur in the kernel networking subsystem component [CVE-2014-3145].

Information disclosure may occur in the Qualcomm TrustZone component [CVE-2016-5349].

Information disclosure may occur in the Qualcomm IPA driver component [CVE-2016-10234].

Denial of service conditions may occur in the kernel networking subsystem component [CVE-2014-2706].

Denial of service conditions may occur in the Qualcomm Wi-Fi driver component [CVE-2016-10235].

Privilege escalation may occur in the kernel file system component [CVE-2016-7097].

Privilege escalation may occur in the Qualcomm Wi-Fi driver component [CVE-2017-6424].

Privilege escalation may occur in the Broadcom Wi-Fi driver component [CVE-2016-8465].

Privilege escalation may occur in the HTC OEM fastboot command component [CVE-2017-0582].

Privilege escalation may occur in the Qualcomm CP access driver component [CVE-2017-0583].

Information disclosure may occur in the kernel media driver component [CVE-2014-1739].

Information disclosure may occur in the Qualcomm Wi-Fi driver component [CVE-2017-0584].

Information disclosure may occur in the Broadcom Wi-Fi driver component [CVE-2017-0585].

Information disclosure may occur in the Qualcomm Avtimer driver component [CVE-2016-5346].

Information disclosure may occur in the Qualcomm video driver component [CVE-2017-6425].

Information disclosure may occur in the Qualcomm USB driver component [CVE-2016-10236].

Information disclosure may occur in the Qualcomm sound driver component [CVE-2017-0586].

Information disclosure may occur in the Qualcomm SPMI driver component [CVE-2017-6426].

Information disclosure may occur in the NVIDIA crypto driver component [CVE-2017-0328, CVE-2017-0330].

Aravind Machiry of Shellphish Grill Team, Daxing Guo of Xuanwu Lab, Tencent, Derrek and Scott Bauer, Gal Beniamini of Project Zero, Gengjia Chen and pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd., Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd., Hao Chen of Alpha Team, Qihoo 360 Technology Co. Ltd., Ian Foster, Jack Tang of Trend Micro Inc., Jianjun Dai of Qihoo 360 Skyeye Labs, Jianqiang Zhao and pjf of IceSword Lab,
Qihoo 360, Mark Salyzyn of Google, Mike Anderson and Nathan Crandall of Tesla's Product Security Team, Peng Xiao, Chengming Yang, Ning You, Chao Yang, and Yang song of Alibaba Mobile Security Group, Pengfei Ding, Chenfu Bao, and Lenx Wei of Baidu X-Lab, Qidan He of KeenLab, Tencent, Roee Hay of Aleph Research, HCL Technologies, Scott Bauer,
Seven Shen of TrendMicro Mobile Threat Research Team, Tim Becker, Uma Sankar Pradhan, V.E.O of Mobile Threat Response Team, Trend Micro, Weichao Sun of Alibaba Inc, Wenlin Yang, Yonggang Guo of IceSword Lab, Qihoo 360 Technology Co. Ltd., Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd., and Zubin Mithra of Google reported these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

An application can obtain potentially sensitive information on the target system.

An application can obtain elevated privileges on the target system.

Solution:   The vendor has issued a fix (2017-04-01 security patch level, 2017-04-05 security patch level).

The vendor advisory is available at:

https://source.android.com/security/bulletin/2017-04-01

Vendor URL:  source.android.com/security/bulletin/2017-04-01 (Links to External Site)
Cause:   Access control error, Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC