Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-002
Vulnerability from certfr_avis - Published: 2018-01-03 - Updated: 2018-01-03
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 02 janvier 2018",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13213",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13213"
},
{
"name": "CVE-2017-13190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13190"
},
{
"name": "CVE-2017-15850",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15850"
},
{
"name": "CVE-2017-11066",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11066"
},
{
"name": "CVE-2017-13217",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13217"
},
{
"name": "CVE-2017-14911",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14911"
},
{
"name": "CVE-2017-11069",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11069"
},
{
"name": "CVE-2017-13207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13207"
},
{
"name": "CVE-2017-13222",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13222"
},
{
"name": "CVE-2017-13180",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13180"
},
{
"name": "CVE-2017-13189",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13189"
},
{
"name": "CVE-2017-13182",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13182"
},
{
"name": "CVE-2017-15848",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15848"
},
{
"name": "CVE-2017-13179",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13179"
},
{
"name": "CVE-2017-14912",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14912"
},
{
"name": "CVE-2017-13209",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13209"
},
{
"name": "CVE-2017-9712",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9712"
},
{
"name": "CVE-2017-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13176"
},
{
"name": "CVE-2017-0869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0869"
},
{
"name": "CVE-2017-13188",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13188"
},
{
"name": "CVE-2017-9689",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9689"
},
{
"name": "CVE-2017-13184",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13184"
},
{
"name": "CVE-2017-13194",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13194"
},
{
"name": "CVE-2017-13211",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13211"
},
{
"name": "CVE-2017-13220",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13220"
},
{
"name": "CVE-2017-13185",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13185"
},
{
"name": "CVE-2017-15537",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15537"
},
{
"name": "CVE-2017-15845",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15845"
},
{
"name": "CVE-2017-15849",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15849"
},
{
"name": "CVE-2017-11010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11010"
},
{
"name": "CVE-2017-13181",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13181"
},
{
"name": "CVE-2017-9705",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9705"
},
{
"name": "CVE-2017-13177",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13177"
},
{
"name": "CVE-2017-13200",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13200"
},
{
"name": "CVE-2017-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14906"
},
{
"name": "CVE-2017-13186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13186"
},
{
"name": "CVE-2017-11072",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11072"
},
{
"name": "CVE-2017-11003",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11003"
},
{
"name": "CVE-2017-13203",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13203"
},
{
"name": "CVE-2017-13215",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13215"
},
{
"name": "CVE-2017-14873",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14873"
},
{
"name": "CVE-2017-13201",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13201"
},
{
"name": "CVE-2017-13225",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13225"
},
{
"name": "CVE-2017-14913",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14913"
},
{
"name": "CVE-2017-13219",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13219"
},
{
"name": "CVE-2017-13187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13187"
},
{
"name": "CVE-2017-13214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13214"
},
{
"name": "CVE-2017-13191",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13191"
},
{
"name": "CVE-2017-13216",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13216"
},
{
"name": "CVE-2017-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13193"
},
{
"name": "CVE-2017-13205",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13205"
},
{
"name": "CVE-2017-13192",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13192"
},
{
"name": "CVE-2017-13208",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13208"
},
{
"name": "CVE-2017-14915",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14915"
},
{
"name": "CVE-2017-0855",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0855"
},
{
"name": "CVE-2017-14870",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14870"
},
{
"name": "CVE-2017-13183",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13183"
},
{
"name": "CVE-2017-14869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14869"
},
{
"name": "CVE-2017-13210",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13210"
},
{
"name": "CVE-2017-14497",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14497"
},
{
"name": "CVE-2017-14140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14140"
},
{
"name": "CVE-2017-11081",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11081"
},
{
"name": "CVE-2017-13202",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13202"
},
{
"name": "CVE-2017-13178",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13178"
},
{
"name": "CVE-2017-13198",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13198"
},
{
"name": "CVE-2013-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4397"
},
{
"name": "CVE-2017-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13226"
},
{
"name": "CVE-2017-11080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11080"
},
{
"name": "CVE-2017-13204",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13204"
},
{
"name": "CVE-2017-13199",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13199"
},
{
"name": "CVE-2017-13212",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13212"
},
{
"name": "CVE-2017-13221",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13221"
},
{
"name": "CVE-2017-13206",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13206"
},
{
"name": "CVE-2017-11035",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11035"
},
{
"name": "CVE-2017-11473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11473"
},
{
"name": "CVE-2017-13197",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13197"
},
{
"name": "CVE-2017-13195",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13195"
},
{
"name": "CVE-2017-15847",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15847"
},
{
"name": "CVE-2017-14879",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14879"
},
{
"name": "CVE-2017-13218",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13218"
},
{
"name": "CVE-2017-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0846"
},
{
"name": "CVE-2017-13196",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13196"
},
{
"name": "CVE-2017-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11079"
}
],
"initial_release_date": "2018-01-03T00:00:00",
"last_revision_date": "2018-01-03T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 02 janvier 2018",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel/Nexus du 02 janvier 2018",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
CVE-2017-13212 (GCVE-0-2017-13212)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-16 22:03
VLAI
EPSS
Summary
An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
5.1.1
Affected: 6.0 Affected: 6.0.1 Affected: 7.0 Affected: 7.1.1 Affected: 7.1.2 Affected: 8.0 |
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T22:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "5.1.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13212",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:03:03.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13213 (GCVE-0-2017-13213)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-17 03:43
VLAI
EPSS
Summary
An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T22:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13213",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:05.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13214 (GCVE-0-2017-13214)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-16 17:44
VLAI
EPSS
Summary
In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040106 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/102416 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "102416",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-13T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "102416",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102416"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "102416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13214",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:44:10.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13215 (GCVE-0-2017-13215)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-16 17:59
VLAI
EPSS
Summary
A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102390 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2018:2395 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2384 | vendor-advisoryx_refsource_REDHAT |
| https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040106 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2019:1170 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1190 | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102390"
},
{
"name": "RHSA-2018:2395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "RHSA-2019:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2019:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-14T22:06:08.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "102390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102390"
},
{
"name": "RHSA-2018:2395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "RHSA-2019:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2019:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102390"
},
{
"name": "RHSA-2018:2395",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "RHSA-2019:1170",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2019:1190",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13215",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:59:42.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13216 (GCVE-0-2017-13216)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-16 20:32
VLAI
EPSS
Summary
In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102390 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/43464/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securitytracker.com/id/1040106 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "43464",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43464/"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-13T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "102390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "43464",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43464/"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102390"
},
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "43464",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43464/"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13216",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:01.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13217 (GCVE-0-2017-13217)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-16 19:09
VLAI
EPSS
Summary
In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102423 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1040106 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "102423",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102423"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it\u0027s null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-13T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "102423",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102423"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it\u0027s null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "102423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102423"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13217",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:09:18.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13218 (GCVE-0-2017-13218)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-16 20:21
VLAI
EPSS
Summary
Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845.
Severity
No CVSS data available.
CWE
- Permissions, Privileges and Access control issue in Kernel
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102390 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM |
| https://www.codeaurora.org/security-bulletin/2018… | x_refsource_MISC |
| http://www.securitytracker.com/id/1040106 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Android for MSM, Firefox OS for MSM, QRD Android |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2018-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "102390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android for MSM, Firefox OS for MSM, QRD Android",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2018-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Permissions, Privileges and Access control issue in Kernel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T12:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "102390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-13218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permissions, Privileges and Access control issue in Kernel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "102390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102390"
},
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin",
"refsource": "MISC",
"url": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13218",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:21:52.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13219 (GCVE-0-2017-13219)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-17 02:01
VLAI
EPSS
Summary
A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T22:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13219",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:38.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13220 (GCVE-0-2017-13220)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-16 21:58
VLAI
EPSS
Summary
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4187 | vendor-advisoryx_refsource_DEBIAN |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_CONFIRM |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1076537 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1536155 | x_refsource_CONFIRM |
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
| https://people.canonical.com/~ubuntu-security/cve… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/3655-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3655-2/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-13220"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html"
},
{
"name": "USN-3655-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "USN-3655-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3655-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-30T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-13220"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html"
},
{
"name": "USN-3655-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "USN-3655-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3655-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-13220",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-13220"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1076537",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html"
},
{
"name": "USN-3655-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "USN-3655-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13220",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:58:00.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13221 (GCVE-0-2017-13221)
Vulnerability from cvelistv5 – Published: 2018-01-12 23:00 – Updated: 2024-09-16 17:19
VLAI
EPSS
Summary
An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T22:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-13221",
"datePublished": "2018-01-12T23:00:00.000Z",
"dateReserved": "2017-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:19:01.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…