Android Patchday: 57 holes closed

Six critical holes were fixed. The Media Framework once again received fixes (as it has on every patchday since 2015), alongside nVidia and Qualcomm patches. Pixel owners can download a ‘fixed’ OTA image, which solves a huge issue with the latest patchday.

Picture: heise.de

The complete changelog is available here; every Android version from Android 5.1.1 onward is supported. There are 28 patches overall, covering 57 holes in total.

Media Framework

| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2017-13228 | A-69478425 | RCE | Critical | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2017-13231 | A-67962232 | EoP | High | 8.0, 8.1 |
| CVE-2017-13232 | A-68953950 | ID | High | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2017-13230 | A-65483665 | DoS | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2017-13230 | A-65483665 | RCE | Critical | 5.1.1, 6.0, 6.0.1 |
| CVE-2017-13233 | A-62851602 | DoS | High | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2017-13234 | A-68159767 | DoS | High | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |

System

| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2017-13236 | A-68217699 | EoP | Moderate | 8.0, 8.1 |

HTC components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-13238 | A-64610940* | ID | High | Bootloader |
| CVE-2017-13247 | A-71486645* | EoP | Moderate | Bootloader |

Kernel components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-15265 | A-67900971, Upstream kernel | EoP | High | ALSA |
| CVE-2015-9016 | A-63083046, Upstream kernel | EoP | High | Multi-queue block IO |
| CVE-2017-17770 | A-65853158* | EoP | High | Kernel |

NVIDIA components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-6279 | A-65023166*, N-CVE-2017-6279 | EoP | High | Media framework |
| CVE-2017-6258 | A-38027496*, N-CVE-2017-6258 | EoP | High | Media framework |

Qualcomm components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-15817 | A-68992394, QC-CR#2076603 [2] | RCE | Critical | WLan |
| CVE-2017-17760 | A-68992416, QC-CR#2082544 [2] | RCE | Critical | WLan |
| CVE-2017-11041 | A-35269676*, QC-CR#2053101 | EoP | High | Media framework |
| CVE-2017-17767 | A-64750179*, QC-CR#2115779 | EoP | High | Media framework |
| CVE-2017-17765 | A-68992445, QC-CR#2115112 | EoP | High | WLan |
| CVE-2017-17762 | A-68992439, QC-CR#2114426 | EoP | High | WLan |
| CVE-2017-14884 | A-68992429, QC-CR#2113052 | EoP | High | WLan |
| CVE-2017-15829 | A-68992397, QC-CR#2097917 | EoP | High | Graphics_Linux |
| CVE-2017-15820 | A-68992396, QC-CR#2093377 | EoP | High | Graphics_Linux |
| CVE-2017-17764 | A-68992443, QC-CR#2114789 | EoP | High | WLan |
| CVE-2017-17761 | A-68992434, QC-CR#2114187 | EoP | High | WLan |

Qualcomm closed-source components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-14910 | A-62212114* | N/A | High | Closed-source component |

Conclusion

There is not much to mention about this patchday; it is a typical one. The components that regularly receive patches, such as nVidia, Qualcomm and the Media Framework, have been vulnerable for several years.

 
