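BlackBerry has officially released the August 2017 security bulletin for BlackBerry phones running Android (KEYone/PRIV/DTEK). The update resolves known vulnerabilities in the Android system. Starting August 5, BlackBerry began pushing the system update notification in batches to Android-powered BlackBerry phones worldwide; once the update arrives, users can install it over the air (OTA) on a Wi-Fi connection.
In addition to fixing known system security vulnerabilities, the update package also improves and optimizes some system features.
Vulnerabilities fixed in this update
The following vulnerabilities are fixed in this update:
Summary | Description | CVE |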
Elevation of Privilege in WiFi | In the Wi-Fi service, a copy into a stack structure is not checked for length before the operation is performed. | CVE-2017-0712 |
Remote Code Execution in Sfntly | In the sfntly library used by libskia, a malformed font file could achieve privilege escalation due to an out-of-bounds read and probable write. | CVE-2017-0713 |
Remote Code Execution in Mediaserver | There is a missing bounds check in the GetMBHeader() function of the h263 decoder, that could lead to a heap memory overflow. Exploitation of this by a malicious MP4 file could lead to memory corruption and code execution in a privileged process. | CVE-2017-0714 |
Remote Code Execution in Mediaserver | In decoder/ih264d_utils.c in ih264d_allocate_dynamic_bufs (of libavc), there is an out-of-bounds write issue, which could lead to remote arbitrary code execution. | CVE-2017-0715 |
Remote Code Execution in Mediaserver | In decoder/impeg2d_vld.c in impeg2d_vld_decode (of libmpeg2), a missing bounds check can cause a heap buffer overflow that could lead to remote arbitrary code execution in a privileged process. | CVE-2017-0716 |
Remote Code Execution in Mediaserver | In the mpeg2 decoder, reading a different vertical slice than the one at the current decode position could result in an invalid calculation of the amount of data remaining. | CVE-2017-0718 |
Remote Code Execution in Mediaserver | In the mpeg2 decoder, an invalid picture structure could cause an out-of-bounds write, which could lead to memory corruption and code execution in a privileged process. | CVE-2017-0719 |
Remote Code Execution in Mediaserver | In decoder/ihevcd_parse_slice.c (of libhevc) a potential memory corruption could occur leading to remote arbitrary code execution. | CVE-2017-0720 |
Remote Code Execution in Mediaserver | In decoder/impeg2d_dec_hdr.c in impeg2d_dec_seq_hdr (of libmpeg2), there is no check for a 0 value of u2_width or u2_height. Parsing a malicious media file could lead to a clip dimension change which could lead to an out-of-bounds write leading to a remote arbitrary code execution. | CVE-2017-0721 |
Remote Code Execution in Mediaserver | In the h263 decoder, a malformed mpeg4 file could lead to an out-of-bounds write in a privileged process due to a size mismatch between the frame header and the frame body. | CVE-2017-0722 |
Remote Code Execution in Mediaserver | In decoder/ih264d_format_conv.c in ih264d_fmt_conv_420sp_to_420sp (of libavc), a heap buffer overflow could occur due to an unchecked num_rows in the memcpy, which could lead to remote arbitrary code execution in privileged process. | CVE-2017-0723 |
Remote Code Execution in Mediaserver | In m4v_h263/dec/src/vop.cpp in DecodeShortHeader (of libstagefright), there is no check that the height and width are less than the total video size. | CVE-2017-0745 |
Denial of Service in Mediaserver | In decoder/impeg2d_dec_hdr.c in impeg2d_dec_seq_hdr (of libmpeg2), there is no check for a 0 value of u2_width or u2_height. | CVE-2017-0724 |
Denial of Service in Mediaserver | In libstagefright/MPEG4Extractor.cpp in MPEG4Extractor::parseMetaData (of libstagefright), a memory leak could lead to resource exhaustion, which could lead to a remote temporary denial of service. | CVE-2017-0726 |
Denial of Service in Mediaserver | In the hevc software decoder, a malformed mpeg4 file could result in a null pointer dereference. | CVE-2017-0728 |
Elevation of Privilege in MediaDrmServer | There is a possible integer overflow in the clearkey plugin for the MediaDrmServer process. | CVE-2017-0729 |
Denial of Service in Mediaserver | In the h264 decoder, a malformed mpeg4 file could cause a crash. | CVE-2017-0730 |
Elevation of Privilege in Mediaserver | In the mpeg4 encoder, an app could set a zero width or height parameter causing a bad allocation, but change the width or height later. When the encoder is cleaned up, the wrong address is freed, which could lead to memory corruption and code execution. | CVE-2017-0731 |
Elevation of Privilege in Mediaserver | There is a vulnerability in mediaserver where an application could cause a hang in a mediaserver thread creating a graphics buffer. Another thread attempting to use that buffer could cause the reference count to be decremented and the buffer freed. When the creating thread resumes, it uses the buffer that has already been freed, which could lead to memory corruption and code execution. | CVE-2017-0732 |
Denial of Service in Mediaserver | In NuPlayerDecoder (of libmediaplayerservice), when processing bad input data, a CHECK abort could lead to a remote temporary denial of service. | CVE-2017-0733 |
Denial of Service in Mediaserver | In decoder/ih264d_dpb_mgr.c in ih264d_delete_st_node_or_make_lt (of libavc), a null pointer dereference could lead to a remote temporary denial of service. | CVE-2017-0734 |
Denial of Service in Mediaserver | In decoder/ih264d_parse_headers.c in ih264d_parse_sps (of libavc), crafted media could cause an infinite loop due to improper input validation when changing resolutions, which could lead to a remote temporary denial of service. | CVE-2017-0735 |
Denial of Service in Mediaserver | In decoder/ih264d_parse_headers.c in ih264d_parse_nal_unit (of libavc), crafted media could lead to an infinite loop due to missing input validation, which could lead to a remote temporary denial of service. | CVE-2017-0736 |
Denial of Service in Mediaserver | In decoder/ih264d_parse_headers.c in ih264d_parse_sps (of libavc), improper input validation could lead to remote temporary denial of service when the media stream changes resolution. | CVE-2017-0687 |
Elevation of Privilege in Mediaserver | In libgui.so, a missing bounds check could lead to an arbitrary write in a privileged process which could lead to an elevation of privilege. | CVE-2017-0737 |
Information Disclosure in Mediaserver | Inside audioserver, the parameters of equalizer Effect_command are not properly checked and could cause an out-of-bounds read leading to information disclosure. | CVE-2017-0738 |
Information Disclosure in Mediaserver | In decoder/ihevcd_nal.c in ihevcd_nal_remv_emuln_bytes (of libhevc), an out-of-bounds read could lead to information disclosure. | CVE-2017-0739 |
Remote Code Execution in Broadcom WiFi | After the patch for CVE-2016-0802 (ANDROID-25306181), if a device had updated the kernel but not the bcm4354 firmware, there were still possible out-of-bounds memory writes if the chip sent an ETHER_TYPE_BRCM packet to the host with a malformed length. | CVE-2017-0740 |
Elevation of Privilege in Kernel File System | Unvalidated input parameters in the F2FS module could allow for kernel memory corruption, which could result in arbitrary code execution in the TCB. | CVE-2017-0750 |
Elevation of Privilege in Kernel | In msm/kernel/trace/trace.c, there is insufficient locking when accessing savedcmd that could result in a use after free, leading to escalation of privilege. | CVE-2017-0749 |
Elevation of Privilege in Qualcomm IPA Driver | An integer overflow in the reference counter variables in the ipa driver could cause a potential use after free leading to elevation of privilege. | CVE-2017-0746 |
Elevation of Privilege in Qualcomm Component | The qseecomd process has CAP_SYS_ADMIN and CAP_NET_RAW capabilities which are not necessary. | CVE-2017-0747 |
Elevation of Privilege in Qualcomm Video Driver | In the /dev/graphics/fb0 driver when running a 32-bit kernel, there is an out-of-bounds write that could lead to escalation of privilege. | CVE-2017-9678 |
Elevation of Privilege in Qualcomm MobiCore Driver | Reading from /sys/kernel/debug/trustonic_tee/info, on devices where it exists, could lead to an escalation of privilege, due to insufficient locking. | CVE-2017-9691 |
Elevation of Privilege in Qualcomm USB Driver | In rndis_qc_bind_config_vendor and related functions, access to the _rndis_qc variable is not protected by a lock. There is a possible use after free vulnerability that could lead to escalation of privilege. | CVE-2017-9684 |
Information Disclosure in Qualcomm GPU Driver | Improper locking in the kgsl device causes a use-after-free issue, which could lead to information disclosure. | CVE-2017-9682 |
Information Disclosure in Qualcomm SoC Driver | In the qbt1000 driver, a user space string is copied into a local buffer without ensuring that it is properly NULL terminated. | CVE-2017-9679 |
Information Disclosure in Qualcomm SoC Driver | Uninitialized variables in the qbt1000 driver could lead to information disclosure. | CVE-2017-9680 |
Information Disclosure in Qualcomm Audio Driver | In the audio driver, a missing return value check together with an uninitialized local variable could lead to information disclosure. | CVE-2017-0748 |
Information Disclosure in Qualcomm Radio Driver | The function iris_vidioc_s_ext_ctrls directly dereferences a user-passed pointer as a string, which could lead to information disclosure. | CVE-2017-9681 |
Information Disclosure in Qualcomm Networking Driver | In __wlan_hdd_change_station, the length of params->ext_capab has insufficient checks, which could lead to information disclosure due to an out-of-bounds read. | CVE-2017-9693 |
Information Disclosure in Qualcomm Networking Driver | In __wlan_hdd_cfg80211_extscan_set_bssid_hotlist, the policy used to enforce the size of the attributes for nla_parse does not include an entry for QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE, which could lead to a possible out-of-bounds read and information disclosure. | CVE-2017-9694 |
Elevation of Privilege in Qualcomm QCE Driver | Multiple IOCTLs within the QCE driver use a non-validated field provided by the user. | CVE-2017-0751 |
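BlackBerry is one of the few phone manufacturers worldwide able to deliver system vulnerability updates and patches promptly. Google specifically mentioned BlackBerry in its latest Android security report as a vendor able to protect its users. Besides its regular monthly updates, BlackBerry also provides system patches to users immediately when major security vulnerabilities are found in Android, keeping users safe.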