June 2018 Code Aurora Security Bulletin

Version 1.0

This document describes security vulnerabilities that were addressed through software changes. Source code patches for these issues have been released to the Code Aurora Forum (CAF) and linked from this bulletin. These changes are applicable but not limited to Android for MSM (all Android releases from CAF using the Linux-kernel), Firefox OS for MSM & QRD Android projects. Customers were previously notified of the issues described in this bulletin. Each of the vulnerabilities has an associated security rating. A description of these ratings using v 1.2 of the ratings scheme can be found at the following link.

Please reach out to security-advisory@quicinc.com for any questions related to this bulletin.

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2017-13218 Google Project Zero
CVE-2017-18169, CVE-2018-5854, CVE-2018-5857, CVE-2018-5860 Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/bulletin/ for individual credit information.
CVE-2018-5863 derrek (https://twitter.com/derrekr6)

Table of vulnerabilities

Public ID Security Rating Technology Area Date Reported
CVE-2017-13218 High Kernel 7/28/2017
CVE-2017-18169 Medium Kernel 1/27/2017
CVE-2018-5854 High Boot 1/17/2018
CVE-2018-5857 Medium Audio 12/11/2017
CVE-2018-5860 Medium Display 3/3/2017
CVE-2018-5863 Medium WLAN HOST 12/11/2017

CVE-2017-13218

CVE ID CVE-2017-13218
Title Permissions, Privileges and Acess control issue in Kernel
Description Access to CNTVCT_EL0 could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed.
Technology Area Kernel
Vulnerability Type CWE-264 Permissions, Privileges, and Access Controls
Access Vector Local
Security Rating High
Date Reported 7/28/2017
Customer Notified Date 4/2/2018
Patch

CVE-2017-18169

CVE ID CVE-2017-18169
Title Reachable Assertion in Kernel
Description User process can perform the kernel DOS in ashmem when doing cache maintanence operation.
Technology Area Kernel
Vulnerability Type CWE-617 Reachable Assertion
Access Vector Local
Security Rating Medium
Date Reported 1/27/2017
Customer Notified Date 7/3/2017
Patch

CVE-2018-5854

CVE ID CVE-2018-5854
Title Stack-based Buffer Overflow in Boot
Description In fastboot, a stack-based buffer overflow can occur.
Technology Area Boot
Vulnerability Type CWE-121 Stack-based Buffer Overflow
Access Vector Local
Security Rating High
Date Reported 1/17/2018
Customer Notified Date 4/2/2018
Patch

CVE-2018-5857

CVE ID CVE-2018-5857
Title Use After Free in Audio
Description In the WCD CPE codec, a Use After Free condition can occur.
Technology Area Audio
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
Date Reported 12/11/2017
Customer Notified Date 4/2/2018
Patch

CVE-2018-5860

CVE ID CVE-2018-5860
Title Use of Uninitialized Variable in Display
Description In the MDSS driver, a data structure may be used without being initialized correctly.
Technology Area Display
Vulnerability Type CWE-457 Use of Uninitialized Variable
Access Vector Local
Security Rating Medium
Date Reported 3/3/2017
Customer Notified Date 4/2/2018
Patch

CVE-2018-5863

CVE ID CVE-2018-5863
Title Buffer Copy without Checking Size of Input in WLAN
Description If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 12/11/2017
Customer Notified Date 4/2/2018
Patch

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version Date Comments
1.0 June 4, 2018 Bulletin Published