Multiple vulnerabilities in Google Android

Published: 2018-08-08 14:08:15 | Updated: 2018-08-08 14:13:08
Severity: High
Patch available: YES
Number of vulnerabilities: 43
CVE ID: CVE-2017-13077
CVE-2017-18249
CVE-2017-18280
CVE-2017-18281
CVE-2017-18282
CVE-2017-18283
CVE-2017-18292
CVE-2017-18293
CVE-2017-18294
CVE-2017-18295
CVE-2017-18296
CVE-2017-18297
CVE-2017-18298
CVE-2017-18299
CVE-2017-18300
CVE-2017-18301
CVE-2017-18302
CVE-2017-18303
CVE-2017-18304
CVE-2017-18305
CVE-2017-18308
CVE-2017-18309
CVE-2017-18310
CVE-2018-11258
CVE-2018-11260
CVE-2018-11305
CVE-2018-5383
CVE-2018-9427
CVE-2018-9436
CVE-2018-9437
CVE-2018-9438
CVE-2018-9444
CVE-2018-9445
CVE-2018-9446
CVE-2018-9448
CVE-2018-9450
CVE-2018-9451
CVE-2018-9453
CVE-2018-9454
CVE-2018-9455
CVE-2018-9458
CVE-2018-9459
CVE-2018-9465
CVSSv3: 9.1 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
2.7 [CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-320
CWE-362
CWE-264
CWE-200
CWE-20
CWE-300
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: Google Android
Vulnerable software versions: Google Android -
Google Android 8.1
Google Android 8.0
Vendor URL: Google

Security Advisory

1) Key management errors

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

External links

https://www.krackattacks.com/
https://papers.mathyvanhoef.com/ccs2017.pdf

2) Race condition

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the add_free_nid function due to a race condition. A local attacker can trigger memory corruption and cause the service to crash.

Remediation

Update to version 4.12.

External links

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295...

3) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

4) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to flaws in the Qualcomm component. A remote attacker can bypass user interaction requirements and access arbitrary data.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

5) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

6) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

7) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

8) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

9) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

10) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

11) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can supply specially crafted input, trick the victim into loading it, bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

12) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

13) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

14) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

15) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

16) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

17) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

18) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

19) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

20) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can supply specially crafted input, trick the victim into loading it, bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

21) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

22) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

23) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can supply specially crafted input, trick the victim into loading it, bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

24) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

25) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the Qualcomm component. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

26) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

27) Man-in-the-middle attack

Description

The vulnerability allows an adjacent attacker to conduct a man-in-the-middle attack on the target system.

The weakness exists in the Bluetooth Low Energy (BLE) implementation of Secure Connections mode due to insufficient validation of the elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange when the affected software performs device pairing operations. An adjacent attacker can intercept the public key exchange between the two targeted systems and inject a malicious public key to aid in determining the session key, then access sensitive information or forge and modify messages, which could be used to inject malicious software on the targeted system.
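The check whose absence is described above, as an added example that is not part of the advisory or of any vendor's code: a receiver validates both coordinates of the peer's public key against the curve equation before using it in the Diffie-Hellman computation. It assumes the NIST P-256 curve that Bluetooth Secure Connections pairing uses; the function names and the sample private scalars are constructed for illustration.

```python
# NIST P-256 domain parameters (curve: y^2 = x^3 + a*x + b over GF(p)).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
CURVE_A = P - 3
CURVE_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


class InvalidPublicKey(ValueError):
    """Raised when a received public key fails validation."""


def is_on_curve(x, y):
    # Both coordinates take part in the check; verifying x alone is not enough.
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + CURVE_A * x + CURVE_B)) % P == 0


def point_add(p1, p2):
    # Affine addition; None represents the point at infinity.
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    # Plain double-and-add; not constant time, for illustration only.
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def validate_peer_public_key(x, y):
    # P-256 has cofactor 1, so an on-curve affine point has order N.
    if not is_on_curve(x, y):
        raise InvalidPublicKey("peer public key is not on P-256")
    return (x, y)


def derive_shared_x(private_scalar, peer_xy):
    # Validate first, then compute the ECDH shared secret (x-coordinate).
    peer = validate_peer_public_key(*peer_xy)
    shared = scalar_mult(private_scalar % N, peer)
    if shared is None:
        raise InvalidPublicKey("shared point is the point at infinity")
    return shared[0]


if __name__ == "__main__":
    a_priv, b_priv = 0x1234567, 0x89abcdef  # constructed sample scalars
    a_pub, b_pub = scalar_mult(a_priv, G), scalar_mult(b_priv, G)
    print(derive_shared_x(a_priv, b_pub) == derive_shared_x(b_priv, a_pub))
    try:
        # Constructed tampered key: correct x, altered y.
        derive_shared_x(a_priv, (b_pub[0], (b_pub[1] + 1) % P))
    except InvalidPublicKey as exc:
        print("rejected:", exc)
```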

Remediation

Update to version 10.13.6.

External links

https://support.apple.com/en-us/HT208937

28) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a flaw in the Media framework. A remote attacker can supply specially crafted input, trick the victim into loading it, bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

29) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and access arbitrary data.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

30) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a flaw in the Media framework. A remote attacker can supply specially crafted input, trick the victim into loading it, bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

31) Improper input validation

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to flaws in the Framework component. A local attacker can run a specially crafted application to bypass user interaction requirements and cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

32) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a flaw in the Media framework. A remote attacker can supply specially crafted input, trick the victim into loading it, bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

33) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the Framework component. A local attacker can run a specially crafted application to bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

34) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

35) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and access arbitrary data.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

36) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

37) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to flaws in the Framework component. A local attacker can run a specially crafted application to bypass user interaction requirements and access arbitrary data.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

38) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and access arbitrary data.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

39) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and access arbitrary data.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

40) Improper input validation

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

41) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the Framework component. A local attacker can run a specially crafted application to bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

42) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and gain elevated privileges.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01

43) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the System component. A local attacker can run a specially crafted application to bypass user interaction requirements and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2018-08-01
