New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 691215 link

Starred by 1 user
Status: WontFix
Owner:
groeck@google.com
Closed: Feb 2017
Cc:
surovegin@google.com
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Feb 11 2017 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/chromeos-kernel-3_18
Package Version: [cpe:/o:linux:linux_kernel:3.18]

Advisory: CVE-2016-8414
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8414
  CVSS severity score: 2.6/10.0
  Confidence: high
  Description:

An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407.
Advisory: CVE-2016-8419
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8419
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209.
Advisory: CVE-2016-8420
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8420
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807.
Advisory: CVE-2016-8421
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8421
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797.
Advisory: CVE-2016-8476
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8476
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940.
Advisory: CVE-2016-8480
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8480
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186.
Advisory: CVE-2016-8481
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8481
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000.
Advisory: CVE-2017-0427
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0427
  CVSS severity score: 9.3/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866.
Advisory: CVE-2017-0430
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0430
  CVSS severity score: 9.3/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459.
Advisory: CVE-2017-0434
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0434
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936.
Advisory: CVE-2017-0435
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0435
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000.
Advisory: CVE-2017-0436
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0436
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. References: QC-CR#1078000.
Advisory: CVE-2017-0437
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0437
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497.
Advisory: CVE-2017-0438
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0438
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR#1092497.
Advisory: CVE-2017-0439
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0439
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059.
Advisory: CVE-2017-0440
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0440
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. References: QC-CR#1095770.
Advisory: CVE-2017-0441
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0441
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009.
Advisory: CVE-2017-0442
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0442
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497.
Advisory: CVE-2017-0443
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0443
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497.
Advisory: CVE-2017-0445
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0445
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717.
Advisory: CVE-2017-0446
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0446
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445.
Advisory: CVE-2017-0447
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0447
  CVSS severity score: 7.6/10.0
  Confidence: high
  Description:

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560.
Advisory: CVE-2017-0451
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0451
  CVSS severity score: 2.6/10.0
  Confidence: high
  Description:

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129.

Comment 1 by vakh@chromium.org, Feb 28 2017

Components: OS>Kernel
Owner: groeck@google.com
Status: Assigned (was: Untriaged)
groeck@, based on https://bugs.chromium.org/p/chromium/issues/detail?id=683095, assigning to you.

Comment 2 by groeck@google.com, Feb 28 2017

Cc: surovegin@google.com
Status: WontFix (was: Assigned)
The analysis of those vulnerabilities has already been completed by surovegin@; see Android IDs. No need to duplicate.
Project Member

Comment 3 by sheriffbot@chromium.org, Jun 7 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment