CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/chromeos-kernel-3_18
Package Version: [cpe:/o:linux:linux_kernel:3.18]

Advisory: CVE-2017-0325
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0325
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325.

Advisory: CVE-2017-0329
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0329
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID: A-34115304. References: N-CVE-2017-0329.

Advisory: CVE-2017-0454
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0454
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.

Advisory: CVE-2017-0462
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0462
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.

Advisory: CVE-2017-0564
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0564
CVSS severity score: 9.3/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203.

Advisory: CVE-2017-0567
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0567
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575.

Advisory: CVE-2017-0568
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0568
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600.

Advisory: CVE-2017-0569
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0569
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666.

Advisory: CVE-2017-0570
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0570
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688.

Advisory: CVE-2017-0571
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0571
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541.

Advisory: CVE-2017-0573
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0573
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539.

Advisory: CVE-2017-0574
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0574
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189.

Advisory: CVE-2017-0575
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0575
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099.

Advisory: CVE-2017-0576
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0576
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.

Advisory: CVE-2017-0577
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0577
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951.

Advisory: CVE-2017-0579
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0579
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406.

Advisory: CVE-2017-0580
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0580
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.

Advisory: CVE-2017-0581
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0581
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485.

Advisory: CVE-2017-0583
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0583
CVSS severity score: 7.6/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788.
Apr 11 2017
I'm interested in Advisory: CVE-2017-0575 since gale (aka "Google Wifi") uses "Qualcomm Wi-Fi" in the form of the IPQ4019 SoC. Where can I get more details about the fix so I can verify this is applied to the chromeos-3.18 branch used by the gale-kernel-3_18 package?
Apr 11 2017
Next question: can I assume the same issues exist with the 3.14 kernel if 3.18 is listed? If yes, I need to care about CVE-2017-0454 as well: Qualcomm Audio is used by whirlwind+arkham builds (aka TP Link Onhub and Asus Onhub), which use the chromeos-3.14 branch.
Apr 12 2017
#2: The best way to find out is to search for the CVE in buganizer; it should be there, and if we are lucky there are one or more Android commits attached. Please note, though, that the Android/Qualcomm/Broadcom security advisories typically only apply to Android; the Qualcomm/Broadcom code used by Android is not in the upstream kernel. Maybe this one is different, but it would be the first time this happens since I started looking into those advisories.
Apr 12 2017
Apr 12 2017
Analysis: CVE-2017-0325 affects all kernel versions including upstream and needs to be fixed. CVE-2017-0329 affects chromeos-3.18 (only). All other CVEs do not affect chromeos; either the code is not there or it is not enabled.
Apr 12 2017
Details on CVE-2017-0575: Patch is available in https://android.googlesource.com/kernel/msm, commit a7967fc47df8.
Apr 12 2017
Details on CVE-2017-0454: See msm repository, commit df51c6a96494.
Apr 12 2017
Thanks Guenter! Some IP from "msm" is used in IPQ40xx SoC where IPQ4019==gale. But AFAICT neither CVE listed below applies to chromeos-3.18 for gale. Whirlwind/Arkham (IPQ8064 SoC) was designed by a completely different group and different IP.
CVE-2017-0325: https://android.googlesource.com/kernel/msm/+/a7967fc47df897bb1c67c7ce4ff1cf1dca3d7042
CVE-2017-0454: https://android.googlesource.com/kernel/msm/+/df51c6a96494d5170236114734a1a4f85faef7a
Apr 14 2017
Would you like to spin off bugs for any remaining work?
Apr 14 2017
CVE-2017-0325 and CVE-2017-0329 have been fixed. A separate bug has been filed to handle Broadcom firmware vulnerabilities.
Apr 15 2017
Jul 22 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 1 2017
Jan 22 2018
Comment 1 by nparker@chromium.org, Apr 11 2017
Components: OS>Kernel
Owner: groeck@chromium.org