Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>CERT-MU Vulnerability Note VN-2017-25

CERT-MU Vulnerability Note VN-2017-25


Multiple vulnerabilities in Google Android
Severity Rating: High
System Affected:  
 
  • Google Android
Description:
Multiple vulnerabilities have been identified in Google Android and can be exploited by remote attackers to cause execution of arbitrary code on the vulnerable system. A user can cause denial of service conditions and obtain potentially sensitive information on the target system. An application can obtain elevated privileges on the target system.  The following may occur:
A Remote code execution may occur in the following:
·         Surfaceflinger component ,Mediaserver component,libgdx component,libstagefright component and Qualcomm crypto driver component
A Privilege escalation may occur in the following:
·         Java.Net component, Framework APIs component ,Mediaserver component ,Audioserver component, Bluetooth component, kernel file system component, kernel networking subsystem component, NVIDIA GPU driver component, Broadcom Wi-Fi driver component, MediaTek driver component, Synaptics touchscreen driver component, Qualcomm Secure Execution Environment Communicator driver component, Qualcomm sound driver component, Qualcomm Wi-Fi driver component, Realtek sound driver component and HTC touchscreen driver component
An Information disclosure may occur in the following:
  • AOSP Mail component, AOSP Messaging component, Framework APIs component, Audioserver component, Filesystem component, NVIDIA video driver component, Qualcomm Secure Execution Environment Communicator component and Qualcomm sound driver component
Various errors may occur in Qualcomm components
Denial of service conditions may occur in the Bionic DNS component
 
Source:
Solution
Users are advised to apply updates.
 
 
Vendor Information
Google
 
CVE Information
 
 
More CVE available on:
 
References
Security Tracker
 
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis