Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

ITS Advisory Number: 2017-044
Date(s) Issued: Wednesday, May 3, 2017
Subject: Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Overview: 

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Systems Affected: 
  • Android OS builds utilizing Security Patch Levels prior to May 1, 2017
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Multiple vulnerabilities have been discovered in the Google Android OS, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

  • Multiple remote code execution vulnerabilities in Mediaserver (CVE-2017-0587, CVE-2017-0588, CVE-2017-0589, CVE-2017-0590, CVE-2017-0591, CVE-2017-0592)
  • An elevation of privilege vulnerability in Framework APIs (CVE-2017-0593)
  • Multiple elevation of privilege vulnerabilities in Mediaserver (CVE-2017-0594, CVE-2017-0595, CVE-2017-0596)
  • An elevation of privilege vulnerability in Audioserver (CVE-2017-0597)
  • An information disclosure vulnerability in Framework APIs (CVE-2017-0598)
  • Multiple denial of service vulnerabilities in Mediaserver (CVE-2017-0599, CVE-2017-0600, CVE-2017-0603, CVE-2017-0635)
  • An elevation of privilege vulnerability in Bluetooth (CVE-2017-0601)
  • An elevation of privilege vulnerability in File-Based Encryption (CVE-2017-0493)
  • An information disclosure vulnerability in Bluetooth (CVE-2017-0602)
  • An information disclosure vulnerability in OpenSSL & BoringSSL (CVE-2016-7056)
  • A remote code execution vulnerability in GIFLIB (CVE-2015-7555)
  • An elevation of privilege vulnerability in MediaTek touchscreen driver (CVE-2016-10724)
  • Multiple elevation of privilege vulnerabilities in Qualcomm bootloader (CVE-2016-10275, CVE-2016-10276)
  • An elevation of privilege vulnerability in kernel sound subsystem (CVE-2016-9794)
  • An elevation of privilege vulnerability in Motorola bootloader (CVE-2016-10277)
  • An elevation of privilege vulnerability in NVIDIA video driver (CVE-2017-0331)
  • An elevation of privilege vulnerability in Qualcomm power driver (CVE-2017-0604)
  • An elevation of privilege vulnerability in kernel trace subsystem (CVE-2017-0605)
  • Multiple vulnerabilities in Qualcomm components (CVE-2016-10240, CVE-2016-10241, CVE-2016-10278, CVE-2016-10279, CVE-2014-9923, CVE-2014-9924, CVE-2014-9925, CVE-2014-9926, CVE-2014-9927, CVE-2014-9928, CVE-2014-9929, CVE-2014-9930, CVE-2015-9005, CVE-2015-9006, CVE-2015-9007, CVE-2016-10297, CVE-2014-9941, CVE-2014-9942, CVE-2014-9943, CVE-2014-9944, CVE-2014-9945, CVE-2014-9946, CVE-2014-9947, CVE-2014-9948, CVE-2014-9949, CVE-2014-9950, CVE-2014-9951, CVE-2014-9952)
  • A remote code execution vulnerability in libxml2 (CVE-2016-5131)
  • Multiple elevation of privilege vulnerabilities in MediaTek thermal driver (CVE-2016-10280, CVE-2016-10281, CVE-2016-10282)
  • An elevation of privilege vulnerability in Qualcomm Wi-Fi driver (CVE-2016-10283)
  • Multiple elevation of privilege vulnerabilities in Qualcomm video driver (CVE-2016-10284, CVE-2016-10285, CVE-2016-10286)
  • An elevation of privilege vulnerability in kernel performance subsystem (CVE-2015-9004)
  • Multiple elevation of privilege vulnerabilities in Qualcomm sound driver (CVE-2016-10287, CVE-2017-0606, CVE-2016-5860, CVE-2016-5867, CVE-2017-0607, CVE-2017-0608, CVE-2017-0609, CVE-2016-5859, CVE-2017-0610, CVE-2017-0611, CVE-2016-5853)
  • An elevation of privilege vulnerability in Qualcomm LED driver (CVE-2016-10288)
  • An elevation of privilege vulnerability in Qualcomm crypto driver (CVE-2016-10289)
  • An elevation of privilege vulnerability in Qualcomm shared memory driver (CVE-2016-10290)
  • An elevation of privilege vulnerability in Qualcomm Slimbus driver (CVE-2016-10291)
  • An elevation of privilege vulnerability in Qualcomm ADSPRPC driver (CVE-2017-0465)
  • Multiple elevation of privilege vulnerabilities in Qualcomm Secure Execution Environment Communicator driver (CVE-2017-0612, CVE-2017-0613, CVE-2017-0614)
  • An elevation of privilege vulnerability in MediaTek power driver (CVE-2017-0615)
  • An elevation of privilege vulnerability in MediaTek system management interrupt driver (CVE-2017-0616)
  • An elevation of privilege vulnerability in MediaTek video driver (CVE-2017-0617)
  • An elevation of privilege vulnerability in MediaTek command queue driver (CVE-2017-0618)
  • An elevation of privilege vulnerability in Qualcomm pin controller driver (CVE-2017-0619)
  • An elevation of privilege vulnerability in Qualcomm Secure Channel Manager Driver (CVE-2017-0620)
  • An elevation of privilege vulnerability in Qualcomm sound codec driver (CVE-2016-5862)
  • An elevation of privilege vulnerability in kernel voltage regulator driver (CVE-2014-9940)
  • An elevation of privilege vulnerability in Qualcomm camera driver (CVE-2017-0621)
  • An elevation of privilege vulnerability in Qualcomm networking driver (CVE-2016-5868)
  • An elevation of privilege vulnerability in kernel networking subsystem (CVE-2017-7184)
  • An elevation of privilege vulnerability in Goodix touchscreen driver (CVE-2017-0622)
  • An elevation of privilege vulnerability in HTC bootloader (CVE-2017-0623)
  • An information disclosure vulnerability in Qualcomm Wi-Fi driver (CVE-2017-0624)
  • An information disclosure vulnerability in MediaTek command queue driver (CVE-2017-0625)
  • An information disclosure vulnerability in Qualcomm crypto engine driver (CVE-2017-0626)
  • A denial of service vulnerability in Qualcomm Wi-Fi driver (CVE-2016-10292)
  • An information disclosure vulnerability in kernel UVC driver (CVE-2017-0627)
  • An information disclosure vulnerability in Qualcomm video driver (CVE-2016-10293)
  • An information disclosure vulnerability in Qualcomm power driver (device specific) (CVE-2016-10294)
  • An information disclosure vulnerability in Qualcomm LED driver (CVE-2016-10295)
  • An information disclosure vulnerability in Qualcomm shared memory driver (CVE-2016-10296)
  • Multiple information disclosure vulnerabilities in Qualcomm camera driver (CVE-2017-0628, CVE-2017-0629, CVE-2017-0631)
  • An information disclosure vulnerability in kernel trace subsystem (CVE-2017-0630)
  • Multiple information disclosure vulnerabilities in Qualcomm sound codec driver (CVE-2016-5858, CVE-2017-0632)
  • An information disclosure vulnerability in Qualcomm sound driver (CVE-2016-5347)
  • Multiple information disclosure vulnerabilities in Qualcomm SPCom driver (CVE-2016-5854, CVE-2016-5855)
  • An information disclosure vulnerability in Broadcom Wi-Fi driver (CVE-2017-0633)
  • An information disclosure vulnerability in Synaptics touchscreen driver (CVE-2017-0634)

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Actions: 
  • After appropriate testing, immediately apply patches provided by Google Android or mobile carriers to vulnerable systems.
  • Remind users to download apps only from trusted vendors in the Play Store.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
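
To decide which devices need the patches, compare each device's reported security patch level against the May 1, 2017 threshold given under Systems Affected. The following is an added example, not part of the advisory: the inventory format and serial numbers are constructed, and it assumes the patch level is the `YYYY-MM-DD` string a device reports in `ro.build.version.security_patch`.

```python
import csv
import io
from datetime import date

# Threshold from the advisory: builds with a Security Patch Level
# prior to May 1, 2017 are affected.
REQUIRED_LEVEL = date(2017, 5, 1)

# Constructed inventory (serial,patch_level), e.g. an MDM export or the output of
# `adb shell getprop ro.build.version.security_patch` collected per device.
SAMPLE_INVENTORY = """\
serial,patch_level
EXAMPLE0001,2017-05-01
EXAMPLE0002,2017-04-05
EXAMPLE0003,
EXAMPLE0004,2017-05-05
EXAMPLE0005,April 2017
"""


def classify(patch_level: str) -> str:
    """Return 'patched', 'affected' or 'unknown' for one patch-level string."""
    try:
        level = date.fromisoformat(patch_level.strip())
    except ValueError:
        # Empty or non-ISO values cannot be compared; never report them as patched.
        return "unknown"
    return "patched" if level >= REQUIRED_LEVEL else "affected"


def triage(inventory_csv: str) -> dict:
    """Group device serials by status so 'affected' and 'unknown' get follow-up."""
    result = {"patched": [], "affected": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row.get("patch_level") or "")].append(row["serial"])
    return result


if __name__ == "__main__":
    for status, serials in triage(SAMPLE_INVENTORY).items():
        print(f"{status:8} {len(serials)}  {', '.join(serials)}")
```

Devices in the `unknown` group report no comparable patch level and should be checked by hand rather than assumed patched.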
References: 

Google:

https://source.android.com/security/bulletin/2017-05-01.html

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9923

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9924

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9925

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9926

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9927

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9928

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9929

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9930

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9940

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9941

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9942

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9943

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9944

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9945

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9946

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9947

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9948

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9949

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9950

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9951

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9952

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7555

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9004

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9005

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9006

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9007

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10240

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10241

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10275

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10276

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10277

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10278

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10279

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10280

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10281

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10282

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10283

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10284

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10285

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10286

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10287

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10288

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10289

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10290

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10291

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10292

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10293

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10294

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10295

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10296

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10297

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10724

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5347

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5853

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5854

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5855

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5858

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5859

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5860

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5862

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5867

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5868

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9794

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0331

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0465

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0493

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0587

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0588

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0589

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0590

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0591

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0592

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0593

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0594

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0595

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0596

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0597

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0598

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0599

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0600

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0601

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0602

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0603

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0604

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0605

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0606

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0607

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0608

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0609

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0610

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0611

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0612

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0613

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0614

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0615

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0616

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0617

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0618

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0619

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0620

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0621

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0622

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0623

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0624

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0625

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0626

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0627

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0628

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0629

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0630

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0631

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0632

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0633

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0635

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7184