Version 1.0
This document describes security vulnerabilities that were addressed through software changes. Source code patches for these issues have been released to the Code Aurora Forum (CAF) and are linked from this bulletin. These changes are applicable to, but not limited to, Android for MSM (all Android releases from CAF using the Linux kernel), Firefox OS for MSM, and QRD Android projects. Customers were previously notified of the issues described in this bulletin. Each of the vulnerabilities has an associated security rating. A description of these ratings using version 1.2 of the ratings scheme can be found at the following link.
Please reach out to security-advisory@quicinc.com for any questions related to this bulletin.
Announcements
None.
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
CVE-2018-13905 | No credit, found internally before reported by external party. |
CVE-2018-13912 | Dai Yang (huahuaisadog) |
CVE-2018-13913 | Yuan-Tsung Lo and Xuxian Jiang of C0RE Team |
CVE-2018-13914 | 丁鹏飞 (604559863@qq.com) |
Table of vulnerabilities
Public ID | Security Rating | Technology Area | Date Reported |
CVE-2018-13900 | High | Data Network Stack & Connectivity | Internal |
CVE-2018-13905 | High | Graphics | Internal |
CVE-2018-13912 | Medium | Multimedia | 7/17/2018 |
CVE-2018-13913 | Medium | Display | 3/29/2017 |
CVE-2018-13914 | Medium | Automotive OS Platform Linux | 7/6/2017 |
CVE-2018-13900
CVE ID | CVE-2018-13900 |
Title | Use After Free issue in HLOS Data |
Description | A use-after-free vulnerability will occur as there is no protection for the route table's rule in the IPA driver. |
Technology Area | Data Network Stack & Connectivity |
Vulnerability Type | CWE-416 Use After Free |
Access Vector | Local |
Security Rating | High |
Date Reported | Internal |
Customer Notified Date | 11/5/2018 |
Patch |
CVE-2018-13905
CVE ID | CVE-2018-13905 |
Title | Use After Free issue in Linux Graphics |
Description | Improper handling of the KGSL syncsource lock during syncsource cleanup can lead to a use-after-free issue. |
Technology Area | Graphics |
Vulnerability Type | CWE-416 Use After Free |
Access Vector | Local |
Security Rating | High |
Date Reported | Internal |
Customer Notified Date | 11/5/2018 |
Patch |
CVE-2018-13912
CVE ID | CVE-2018-13912 |
Title | Untrusted Pointer Dereference in Camera |
Description | An arbitrary write issue occurs when the user provides a kernel address in compat mode. |
Technology Area | Multimedia |
Vulnerability Type | CWE-822 Untrusted Pointer Dereference |
Access Vector | Local |
Security Rating | Medium |
Date Reported | 7/17/2018 |
Customer Notified Date | 11/5/2018 |
Patch |
CVE-2018-13913
CVE ID | CVE-2018-13913 |
Title | Improper Validation of Array Index in Display |
Description | Improper validation of array index can lead to unauthorized access while processing debugFS. |
Technology Area | Display |
Vulnerability Type | CWE-129 Improper Validation of Array Index |
Access Vector | Local |
Security Rating | Medium |
Date Reported | 3/29/2017 |
Customer Notified Date | 11/5/2018 |
Patch |
CVE-2018-13914
CVE ID | CVE-2018-13914 |
Title | Buffer Copy Without Checking Size of Input in OS |
Description | Lack of input validation for data received from user space can lead to an out-of-bounds array issue. |
Technology Area | Automotive OS Platform Linux |
Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’) |
Access Vector | Local |
Security Rating | Medium |
Date Reported | 7/6/2017 |
Customer Notified Date | 11/5/2018 |
Patch |
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involve local denial of service or privilege escalation vulnerabilities in the high-level OS kernel
Version History
Version | Date | Comments |
1.0 | February 4, 2019 | Bulletin Published |