Insufficient Memory Address Information to prevent Arbitrary Memory Access from QSEE Secure Applications (CVE-2016-5349)
Release Date:
March 6, 2017
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2017-00015-1
CVE ID(s):
CVE-2016-5349
Summary:
The following security vulnerabilities have been identified:
CVE-2016-5349: The high-level operating system (HLOS) was not providing sufficient memory address information to ensure that secure applications inside the Qualcomm Secure Execution Environment (QSEE) write only to legitimate memory ranges related to the QSEE secure application’s HLOS client.
Access Vector: Local
Security Risk: High
Affected Versions:
All Android releases from CAF using the Linux kernel.
Patch:
We advise customers to apply the following patches:
Individual Patches
CVE-2016-5349:
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8d26e8eec156708c5a3d24502702638c9e265e8d
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b54cce804d722b1e7fe137a589fca5fd9e99a0a6
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4a3e522b0db0a340073668b15785bcd87783e0f6
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9bd398661cae758ffc557adc7de74ba32654e1f9
Note:
To ensure memory access is appropriately restricted, modifications to QSEE are required; see https://www.qualcomm.com/company/product-security/security-advisories
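The kind of check the summary and the note imply, as an added example (not code from this advisory, the linked patches or QSEE): given the client's buffer ranges as reported by the HLOS, a secure-side routine refuses any write that is not wholly inside one of them. The structure, function names and sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor for one HLOS client buffer, passed along with
 * the request. Not a real QSEE or kernel structure. */
struct client_range { uint64_t base; uint64_t len; };

/* Constructed sample: two buffers owned by one HLOS client. */
static const struct client_range sample_ranges[] = {
    { 0x80000000u, 0x1000u },
    { 0x90000000u, 0x2000u },
};

/* True if [addr, addr + len) lies wholly inside one reported range.
 * Every comparison is arranged so that no sum can wrap around. */
static bool range_contains(const struct client_range *r,
                           uint64_t addr, uint64_t len)
{
    if (len == 0 || r->len == 0)
        return false;
    if (r->len > UINT64_MAX - r->base)  /* malformed: base + len wraps */
        return false;
    if (addr < r->base)
        return false;
    uint64_t off = addr - r->base;      /* safe: addr >= base */
    return off < r->len && len <= r->len - off;
}

/* Secure-side gate before a write: deny unless the target is covered by
 * one of the client's ranges. A missing or empty list denies everything. */
bool write_allowed(const struct client_range *list, size_t count,
                   uint64_t addr, uint64_t len)
{
    if (list == NULL)
        return false;
    for (size_t i = 0; i < count; i++)
        if (range_contains(&list[i], addr, len))
            return true;
    return false;
}

int main(void)
{
    /* Only 0x10 bytes remain in buffer 0, but 0x20 are requested. */
    printf("%d\n", write_allowed(sample_ranges, 2, 0x80000ff0u, 0x20));
    return 0;
}
```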
Acknowledgement:
Qualcomm Innovation Center, Inc. (QuIC) thanks the Android Security Team and Aravind Machiry (UCSB) for bringing this issue to QuIC's attention.
Revisions:
Initial