Insufficient Memory Address Information to prevent Arbitrary Memory Access from QSEE Secure Applications (CVE-2016-5349)

Release Date:

March 6, 2017

Affected Projects:

Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID:

QCIR-2017-00015-1

CVE ID(s):

CVE-2016-5349

Summary:

The following security vulnerability has been identified: CVE-2016-5349: The high-level operating system (HLOS) was not providing sufficient memory address information to ensure that secure applications inside the Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application’s HLOS client.
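
An added illustration, not code from this advisory, from QSEE or from the referenced patches: the kind of range check the trusted side can perform only when the HLOS supplies both the base address and the length of the client's buffer. The struct, the function name and the sample addresses are hypothetical and constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record of the buffer an HLOS client shares with its secure
 * application. Field names are illustrative, not QSEE's. */
struct client_region {
    uint64_t base; /* start address supplied by the HLOS */
    uint64_t size; /* length in bytes; 0 models "no length supplied" */
};

/* Constructed sample values, not real device addresses. */
static const struct client_region WITH_LENGTH = { 0x80000000ULL, 0x1000 };
static const struct client_region NO_LENGTH   = { 0x80000000ULL, 0 };

/* True only if the write [dst, dst + len) lies wholly inside the region. */
bool write_allowed(const struct client_region *r, uint64_t dst, uint64_t len)
{
    if (r == NULL || r->size == 0 || len == 0)
        return false; /* without a known extent nothing can be validated */
    if (r->base > UINT64_MAX - r->size)
        return false; /* malformed region: wraps the address space */
    if (dst < r->base)
        return false; /* starts below the client's buffer */
    uint64_t offset = dst - r->base;
    if (offset >= r->size)
        return false; /* starts at or past the end of the buffer */
    /* Compare by subtraction so dst + len is never computed and cannot wrap. */
    return len <= r->size - offset;
}

int main(void)
{
    printf("in range:       %d\n", write_allowed(&WITH_LENGTH, 0x80000ff0ULL, 0x10));
    printf("one byte over:  %d\n", write_allowed(&WITH_LENGTH, 0x80000ff0ULL, 0x11));
    printf("huge length:    %d\n", write_allowed(&WITH_LENGTH, 0x80000010ULL, UINT64_MAX));
    printf("length unknown: %d\n", write_allowed(&NO_LENGTH, 0x80000000ULL, 1));
    return 0;
}
```

When the region carries no length, the check has nothing to compare against and has to refuse the write.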

Access Vector: Local
Security Risk: High

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

Individual Patches

CVE-2016-5349:

Note:

To ensure memory access is appropriately restricted, modifications to QSEE are required. See https://www.qualcomm.com/company/product-security/security-advisories

Acknowledgement:

Qualcomm Innovation Center, Inc. (QuIC) thanks the Android Security Team and Aravind Machiry (UCSB) for bringing this issue to QuIC's attention.

Revisions:

Initial

Contact:

security-advisory@quicinc.com