February 2019 Code Aurora Security Bulletin

February 4, 2019 | Security Bulletin

Version 1.0

This document describes security vulnerabilities that were addressed through software changes. Source code patches for these issues have been released to the Code Aurora Forum (CAF) and are linked from this bulletin. These changes are applicable to, but not limited to, Android for MSM (all Android releases from CAF using the Linux kernel), Firefox OS for MSM, and QRD Android projects. Customers were previously notified of the issues described in this bulletin. Each of the vulnerabilities has an associated security rating. A description of these ratings using version 1.2 of the ratings scheme can be found at the following link.

Please reach out to security-advisory@quicinc.com for any questions related to this bulletin.

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2018-13905 | No credit, found internally before reported by external party.
CVE-2018-13912 | Dai Yang (huahuaisadog)
CVE-2018-13913 | Yuan-Tsung Lo and Xuxian Jiang of C0RE Team
CVE-2018-13914 | 丁鹏飞 (604559863@qq.com)

Table of vulnerabilities

Public ID | Security Rating | Technology Area | Date Reported
CVE-2018-13900 | High | Data Network Stack & Connectivity | Internal
CVE-2018-13905 | High | Graphics | Internal
CVE-2018-13912 | Medium | Multimedia | 7/17/2018
CVE-2018-13913 | Medium | Display | 3/29/2017
CVE-2018-13914 | Medium | Automotive OS Platform Linux | 7/6/2017

CVE-2018-13900

CVE ID: CVE-2018-13900
Title: Use After Free issue in HLOS Data
Description: A use-after-free vulnerability will occur because there is no protection for the route table's rule in the IPA driver.
Technology Area: Data Network Stack & Connectivity
Vulnerability Type: CWE-416 Use After Free
Access Vector: Local
Security Rating: High
Date Reported: Internal
Customer Notified Date: 11/5/2018
Patch:

CVE-2018-13905

CVE ID: CVE-2018-13905
Title: Use After Free issue in Linux Graphics
Description: Improper handling of the KGSL syncsource lock during syncsource cleanup can lead to a use-after-free issue.
Technology Area: Graphics
Vulnerability Type: CWE-416 Use After Free
Access Vector: Local
Security Rating: High
Date Reported: Internal
Customer Notified Date: 11/5/2018
Patch:

CVE-2018-13912

CVE ID: CVE-2018-13912
Title: Untrusted Pointer Dereference in Camera
Description: An arbitrary write issue occurs when the user provides a kernel address in compat mode.
Technology Area: Multimedia
Vulnerability Type: CWE-822 Untrusted Pointer Dereference
Access Vector: Local
Security Rating: Medium
Date Reported: 7/17/2018
Customer Notified Date: 11/5/2018
Patch:

CVE-2018-13913

CVE ID: CVE-2018-13913
Title: Improper Validation of Array Index in Display
Description: Improper validation of array index can lead to unauthorized access while processing debugFS.
Technology Area: Display
Vulnerability Type: CWE-129 Improper Validation of Array Index
Access Vector: Local
Security Rating: Medium
Date Reported: 3/29/2017
Customer Notified Date: 11/5/2018
Patch:

CVE-2018-13914

CVE ID: CVE-2018-13914
Title: Buffer Copy Without Checking Size of Input in OS
Description: Lack of input validation for data received from user space can lead to an out-of-bounds array issue.
Technology Area: Automotive OS Platform Linux
Vulnerability Type: CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector: Local
Security Rating: Medium
Date Reported: 7/6/2017
Customer Notified Date: 11/5/2018
Patch:

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms

  • Differences in assessment of some specific scenarios that involve local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version | Date | Comments
1.0 | February 4, 2019 | Bulletin Published