Multiple vulnerabilities in android-emulator-hypervisor-driver-for-amd-processors
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2020-36312 CVE-2019-19332 CVE-2018-1087 CVE-2018-10853 CVE-2017-7518 CVE-2017-2584 CVE-2017-2583 CVE-2017-1000407 |
| CWE-ID | CWE-401 CWE-787 CWE-703 CWE-264 CWE-416 CWE-399 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
android-emulator-hypervisor-driver-for-amd-processors / |
| Vendor |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU67183
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36312
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists in the KVM hypervisor of the Linux kernel. A local user can force the application to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsandroid-emulator-hypervisor-driver-for-amd-processors: 2.0 - 2.1
External linkshttp://github.com/google/android-emulator-hypervisor-driver-for-amd-processors/releases/tag/v2.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU28404
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19332
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to damange or delete data.
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsandroid-emulator-hypervisor-driver-for-amd-processors: 2.0 - 2.1
External linkshttp://github.com/google/android-emulator-hypervisor-driver-for-amd-processors/releases/tag/v2.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper check or handling of exceptional conditions
EUVDB-ID: #VU12520
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1087
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the Linux kernel KVM hypervisor due to improper handling of debug exceptions delivered after a stack switch operation via mov SS or pop SS instructions. During the stack switch operation, the exceptions are deferred. An adjacent attacker can cause the service to crash or gain root privileges.
Install update from vendor's website.
Vulnerable software versionsandroid-emulator-hypervisor-driver-for-amd-processors: 2.0 - 2.1
External linkshttp://github.com/google/android-emulator-hypervisor-driver-for-amd-processors/releases/tag/v2.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, privileges, and access controls
EUVDB-ID: #VU13369
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10853
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the way Linux kernel KVM hypervisor emulates instructions, such as sgdt/sidt/fxsave/fxrstor. A local unprivileged user on a guest system can gain write access to kernel space on the same guest system.
MitigationInstall update from vendor's website.
Vulnerable software versionsandroid-emulator-hypervisor-driver-for-amd-processors: 2.0 - 2.1
External linkshttp://github.com/google/android-emulator-hypervisor-driver-for-amd-processors/releases/tag/v2.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Privilege escalation
EUVDB-ID: #VU7206
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7518
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an local attacker to gain elevated privileges on the guest system.
The weakness exists due to debug exception error in syscall emulation. A attacker can gain system privileges.
Successful exploitation of the vulnerability results in privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsandroid-emulator-hypervisor-driver-for-amd-processors: 2.0 - 2.1
External linkshttp://github.com/google/android-emulator-hypervisor-driver-for-amd-processors/releases/tag/v2.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free error
EUVDB-ID: #VU5182
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2584
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or obtain potentially sensitive information.
The weakness exists due to use-after-free error in the arch/x86/kvm/emulate.c script. A local attacker can use a specially crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt and cause the system to crash or read arbitrary file on the system.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsandroid-emulator-hypervisor-driver-for-amd-processors: 2.0 - 2.1
External linkshttp://github.com/google/android-emulator-hypervisor-driver-for-amd-processors/releases/tag/v2.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Denial of service
EUVDB-ID: #VU5183
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2583
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition.
The weakness exists due to improper emulation of "MOV SS, NULL selector" instruction by the load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel. A quest OS user can use a specially crafted and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsandroid-emulator-hypervisor-driver-for-amd-processors: 2.0 - 2.1
External linkshttp://github.com/google/android-emulator-hypervisor-driver-for-amd-processors/releases/tag/v2.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU9655
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-1000407
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to the possibility of flooding the diagnostic port 0x80. A local user can trigger an exception and cause a kernel panic.
Install update from vendor's website.
Vulnerable software versionsandroid-emulator-hypervisor-driver-for-amd-processors: 2.0 - 2.1
External linkshttp://github.com/google/android-emulator-hypervisor-driver-for-amd-processors/releases/tag/v2.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
