Security Bulletin

March 2019 Code Aurora Security Bulletin

March 4, 2019

Version 1.0

This document describes security vulnerabilities that were addressed through software changes. Source code patches for these issues have been released to the Code Aurora Forum (CAF) and are linked from this bulletin. These changes apply to, but are not limited to, Android for MSM (all Android releases from CAF using the Linux kernel), Firefox OS for MSM, and QRD Android projects. Customers were previously notified of the issues described in this bulletin. Each of the vulnerabilities has an associated security rating. A description of these ratings using version 1.2 of the ratings scheme can be found at the following link.

Please reach out to security-advisory@quicinc.com for any questions related to this bulletin.

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2017-8252: Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo, Columbia University
CVE-2018-11304, CVE-2018-5907: Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin.

Table of vulnerabilities

| Public ID | Security Rating | Technology Area | Date Reported |
|---|---|---|---|
| CVE-2017-8252 | Critical | HLOS | 4/14/2017 |
| CVE-2018-11304 | Medium | Audio | 2/20/2018 |
| CVE-2018-5907 | Medium | Audio | 2/20/2018 |
| CVE-2018-11817 | High | DSP Service | Internal |
| CVE-2018-13917 | High | Data Network Stack & Connectivity | Internal |

CVE-2017-8252

CVE ID CVE-2017-8252
Title Improper Authorization vulnerability in TrustZone
Description Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure.
Technology Area HLOS
Vulnerability Type CWE-285 Improper Authorization
Access Vector Local
Security Rating Critical
Date Reported 4/14/2017
Customer Notified Date 8/6/2018
Patch

CVE-2018-11304

CVE ID CVE-2018-11304
Title Buffer Copy Without Checking Size of Input vulnerability in Audio component
Description Possible buffer overflow in Audio due to lack of input validation of user-provided data that leads to integer overflow
Technology Area Audio
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 2/20/2018
Customer Notified Date 12/3/2018
Patch
  • Public CAF link is not available

CVE-2018-5907

CVE ID CVE-2018-5907
Title Buffer Copy Without Checking Size of Input vulnerability in Audio component
Description Possible buffer overflow in audio due to lack of input validation of user-provided data
Technology Area Audio
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Access Vector Local
Security Rating Medium
Date Reported 2/20/2018
Customer Notified Date 12/3/2018
Patch
  • Public CAF link is not available

CVE-2018-11817

CVE ID CVE-2018-11817
Title Improper Access Control vulnerability in DSP
Description User can offload modules and bypass the Android permission model by getting access to the DSP peripherals.
Technology Area DSP Service
Vulnerability Type CWE-264 Permissions, Privileges, and Access Controls
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 9/3/2018
Patch

CVE-2018-13917

CVE ID CVE-2018-13917
Title Use After Free vulnerability in sock_rfree module
Description Race condition while handling sockets in kernel can lead to use-after-free issue
Technology Area Data Network Stack & Connectivity
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 12/3/2018
Patch

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involve local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

| Version | Date | Comments |
|---|---|---|
| 1.0 | March 4, 2019 | Bulletin Published |