Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin - July 2017 package.

The Bulletin (July 2017) contains the following CVE items:
Critical: CVE-2017-0564, CVE-2016-9794, CVE-2015-7555, CVE-2017-0540, CVE-2017-0673, CVE-2017-0674, CVE-2017-0675, CVE-2017-0676, CVE-2017-0677, CVE-2017-0678, CVE-2017-0679, CVE-2017-0680, CVE-2017-0681, CVE-2017-0469
High: CVE-2017-6423, CVE-2015-9004, CVE-2014-9940, CVE-2017-0648, CVE-2017-6074, CVE-2017-8253, CVE-2017-8273, CVE-2014-9979, CVE-2015-8595, CVE-2017-0664, CVE-2017-0665, CVE-2017-0666, CVE-2017-0667, CVE-2017-0669, CVE-2017-0670, CVE-2017-0671, CVE-2016-2109, CVE-2017-0672, CVE-2017-0684, CVE-2017-0685, CVE-2017-0686, CVE-2017-0688, CVE-2017-0689, CVE-2017-0690, CVE-2017-0691, CVE-2017-0692, CVE-2017-0693, CVE-2017-0694, CVE-2017-0695, CVE-2017-0696, CVE-2017-0697, CVE-2017-0700, CVE-2017-0701, CVE-2017-0702, CVE-2017-0703, CVE-2017-0642
Moderate: CVE-2017-7368, CVE-2017-7364, CVE-2017-8237, CVE-2015-5707, CVE-2016-5863, CVE-2017-8246, CVE-2017-8256, CVE-2017-8257, CVE-2016-3924, CVE-2017-0493, CVE-2015-7995, CVE-2017-3544, CVE-2017-0698, CVE-2017-0699
Low: CVE-2017-8241

※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 16 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2016-6879: Lockscreen PIN cursor issue in KK models

Severity: Low
Affected versions: KK(4.4)
Reported on: August 8, 2016
Disclosure status: Privately disclosed.
The PIN lock type has a bug that results in a mismatch between the displayed password and the actual password.
The patch fixes the bug.


SVE-2017-8290: Crash via sending broadcast (AdaptiveDisplayColorService)

Severity: Low
Affected versions: KK(4.4), L(5.0/5.1), M(6.0), N(7.x)
Reported on: February 14, 2017
Disclosure status: Privately disclosed.
Lack of appropriate exception handling for Intents that include a Serializable instance allows attackers to crash several system processes, resulting in a possible DoS attack.
The patch prevents system crashes by handling unexpected exceptions.


SVE-2017-8888: Buffer overflow in tlc_server

Severity: Medium
Affected versions: M(6.0), N(7.x)
Reported on: April 11, 2017
Disclosure status: Privately disclosed.
There is a potential buffer overflow vulnerability due to not confirming if the size of source data is smaller than the destination buffer.
The patch removes the problematic code.


SVE-2017-8973: Buffer overflow in process_cipher_tdea

Severity: Low
Affected versions: M(6.0), N(7.x)
Reported on: April 11, 2017
Disclosure status: Privately disclosed.
There is a potential buffer overflow vulnerability due to not verifying input and output parameters’ sizes.
The fix avoids a buffer overflow by checking if the size of output data is the same as input data.
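The size check described for SVE-2017-8973, as an added example that is not Samsung's code: a request handler that validates caller-supplied lengths before the first write. The names `cipher_req`, `process_cipher_checked`, `toy_block` and `MAX_PAYLOAD` are hypothetical, and an XOR stand-in replaces the real TDEA transform so the block runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CIPHER_BLOCK 8u    /* TDEA operates on 8-byte blocks */
#define MAX_PAYLOAD  256u  /* hypothetical upper bound for one request */
enum { CIPHER_OK = 0, CIPHER_EINVAL = -1 };

/* Hypothetical request layout: both lengths come from the (untrusted)
 * caller, while the buffers belong to the service. */
struct cipher_req {
    const uint8_t *in;
    size_t         in_len;
    uint8_t       *out;
    size_t         out_len;
};

/* Stand-in for the block transform; NOT TDEA. Writes exactly one block. */
static void toy_block(const uint8_t *src, uint8_t *dst, uint8_t key)
{
    for (size_t i = 0; i < CIPHER_BLOCK; i++)
        dst[i] = src[i] ^ key;
}

/* Rejects the request unless every size is consistent, then processes it. */
int process_cipher_checked(const struct cipher_req *req, uint8_t key)
{
    if (req == NULL || req->in == NULL || req->out == NULL)
        return CIPHER_EINVAL;
    if (req->in_len == 0 || req->in_len > MAX_PAYLOAD ||
        req->in_len % CIPHER_BLOCK != 0)
        return CIPHER_EINVAL;
    /* The check the advisory describes: output size must equal input size.
     * Without it, the loop below would write in_len bytes into out. */
    if (req->out_len != req->in_len)
        return CIPHER_EINVAL;
    for (size_t off = 0; off < req->in_len; off += CIPHER_BLOCK)
        toy_block(req->in + off, req->out + off, key);
    return CIPHER_OK;
}

/* Constructed input: 16 bytes in, but only 8 bytes declared for output.
 * Returns 1 when the request is rejected and no output byte was touched. */
int demo_mismatch_rejected(void)
{
    uint8_t in[16], out[16];
    memset(in, 0x41, sizeof in);
    memset(out, 0xEE, sizeof out);  /* bytes 8..15 act as a guard region */
    struct cipher_req bad = { in, sizeof in, out, 8 };
    int rc = process_cipher_checked(&bad, 0x5A);
    for (size_t i = 0; i < sizeof out; i++)
        if (out[i] != 0xEE) return 0;
    return rc == CIPHER_EINVAL;
}

int main(void) { return demo_mismatch_rejected() ? 0 : 1; }
```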


SVE-2017-9109: Unintended memory is disclosed in rkp log

Severity: Medium
Affected versions: M(6.0), N(7.x)
Reported on: May 4, 2017
Disclosure status: Privately disclosed.
The vulnerability allows reading data outside of rkp log buffer boundary due to not checking the boundary.
The applied patch avoids an illegal access to memory by checking the boundary.


SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, and SVE-2017-9126: Crash system server via sending broadcast

Severity: Low
Affected versions: N(7.x)
Reported on: May 10, 2017
Disclosure status: Privately disclosed.
Lack of appropriate exception handling for some Intents that cause a NullPointerException allows attackers to crash a system process, resulting in a possible DoS attack.
The patch protects the receiver by changing to protected intent.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements

We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Taaha Rauf : SVE-2017-8286, SVE-2016-6879
- Ryan Johnson and Angelos Stavrou of Kryptowire : SVE-2017-8290, SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, SVE-2017-9126
- Daniel Komaromy : SVE-2017-8888, SVE-2017-8973
- David Berard : SVE-2017-9109

Attribution, Non-Commercial, No Derivatives

Ryansecurity Ryansecurity

Life is fun security story

SMR-MAR-2017



Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung. 

Google patches include patches up to Android Security Bulletin - March 2017 package. 

The Bulletin (March 2017) contains the following CVE items: 
CVE-2015-8816(C), CVE-2014-9781(H), CVE-2016-3843(C), CVE-2016-6674(H), CVE-2016-6675(H), CVE-2014-9675(H), CVE-2016-6728(C), CVE-2016-7910(C), CVE-2016-6757(M), CVE-2016-8406(M), CVE-2016-6690(L), CVE-2015-3288(C), CVE-2016-8422(C), CVE-2016-8423(C), CVE-2016-8415(H), CVE-2017-0404(H), CVE-2016-8452(H), CVE-2017-0399(M), CVE-2017-0400(M), CVE-2017-0402(M), CVE-2017-0395(M), CVE-2016-8418(C), CVE-2017-0437(H), CVE-2017-0438(H), CVE-2017-0439(H), CVE-2016-8419(H), CVE-2016-8420(H), CVE-2016-8421(H), CVE-2017-0440(H), CVE-2017-0441(H), CVE-2017-0442(H), CVE-2017-0443(H), CVE-2016-8476(H), CVE-2016-8414(M), CVE-2017-0451(M), CVE-2017-0423(M), CVE-2016-9806(C), CVE-2016-8655(H), CVE-2016-9793(H), CVE-2016-8416(M), CVE-2016-8477(M), CVE-2016-2182(C), CVE-2017-0466(C), CVE-2017-0467(C), CVE-2017-0468(C), CVE-2017-0469(C), CVE-2017-0470(C), CVE-2017-0471(C), CVE-2017-0472(C), CVE-2017-0473(C), CVE-2017-0474(C), CVE-2017-0475(C), CVE-2017-0478(H), CVE-2017-0479(H), CVE-2017-0480(H), CVE-2017-0481(H), CVE-2017-0482(H), CVE-2017-0483(H), CVE-2017-0484(H), CVE-2017-0485(H), CVE-2017-0486(H), CVE-2017-0487(H), CVE-2017-0488(H), CVE-2017-0390(H), CVE-2017-0392(H), CVE-2017-0489(M), CVE-2017-0490(M), CVE-2017-0491(M), CVE-2017-0495(M), CVE-2017-0496(M), CVE-2017-0497(M), CVE-2017-0498(M), and CVE-2017-0499(L).
* Severity : (C)-Critical, (H)-High, (M)-Moderate, (L)-Low

※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 12 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release. 


SVE-2016-7797: Restricted account security flaw

Severity: Medium
Affected versions: L(5.0/5.1), M(6.0) all tablet devices
Reported on: December 4, 2016
Disclosure status: Privately disclosed. 
A vulnerability allows an unauthorized user to create additional user accounts on tablets, resulting in unauthorized access to user data in external storage.
The patch protects tablet devices by removing the "add user" feature from the lockscreen interface.


SVE-2016-7930: Multiple Buffer Overflow in Qualcomm Bootloader

Severity: Critical
Affected versions: Galaxy S5 with Qualcomm AP chipset
Reported on: December 20, 2016
Disclosure status: Privately disclosed. 
A buffer overflow vulnerability exists in the Qualcomm bootloader.
The patch prevents buffer overflow by removing the problematic source code.


SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117: Crash on AudioService via unprotected intent

Severity: Low
Affected versions: KK(4.4), L(5.0/5.1), M(6.0), N(7.0)
Reported on: January 12, 2017
Disclosure status: Privately disclosed. 
Lack of appropriate exception handling in some receivers of the AudioService application allows attackers to crash the system easily, resulting in a possible DoS attack.
The patch prevents system crashes by handling unexpected exceptions.


¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements

We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Costandinos "Dino" Tsagaratos : SVE-2016-7797 
- Frédéric Basse : SVE-2016-7930 
- Qing Zhang of Xiaomi and Guangdong Bai of Singapore Institute of Technology (SIT) : SVE-2017-8114, SVE-2017-8116, SVE-2017-8117 



Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung. 

Google patches include patches up to Android Security Bulletin - February 2017 package. 

The Bulletin (February 2017) contains the following CVE items: 
CVE-2016-2108(C), CVE-2016-3915(H), CVE-2016-3916(H), CVE-2015-1465(H), CVE-2016-6729(C), CVE-2015-8964(H), CVE-2016-7915(H), CVE-2016-6786(H), CVE-2016-6787(H), CVE-2016-1583(H), CVE-2016-8399(M), CVE-2016-8405(M), CVE-2016-8410(M), CVE-2016-6690(L), CVE-2015-3288(C), CVE-2015-5706(C), CVE-2016-9120(C), CVE-2016-8412(H), CVE-2016-8444(H), CVE-2016-7042(H), CVE-2017-0403(H), CVE-2016-5345(H), CVE-2016-9754(H), CVE-2016-8468(M), CVE-2016-8470(M), CVE-2016-8471(M), CVE-2016-8472(M), CVE-2016-3853(M), CVE-2017-0399(M), CVE-2017-0400(M), CVE-2017-0401(M), CVE-2017-0402(M), CVE-2016-6754(H), CVE-2017-0388(H), CVE-2017-0405(C), CVE-2017-0406(C), CVE-2017-0407(C), CVE-2017-0409(H), CVE-2016-5552(H), CVE-2017-0410(H), CVE-2017-0411(H), CVE-2017-0412(H), CVE-2017-0415(H), CVE-2017-0416(H), CVE-2017-0417(H), CVE-2017-0418(H), CVE-2017-0419(H), CVE-2017-0422(H), CVE-2017-0425(M), and CVE-2017-0426(M).

* Severity : (C)-Critical, (H)-High, (M)-Moderate, (L)-Low


※ Please see Android Security Bulletin for detailed information on Google patches.



Along with Google patches, Samsung Mobile provides 7 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release. 


SVE-2016-6942: Security issue on package name check logic on SVoice


Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: August 4, 2016
Disclosure status: Privately disclosed. 
There are two SVoice vulnerabilities. One is a Hare hunting vulnerability with insufficient verification when installing applications, and the other allows the provider to be seized by any other application that uses a custom provider without declaring any permission.
The patch fixes SVoice to find the exact applications with proper verification and adds protection to the provider by declaring the required permission.


SVE-2016-7123: Crash on InputMethod via unprotected receiver using specific intent


Severity: Low 
Affected versions: KK(4.4), L(5.0/5.1), M(6.0)
Reported on: September 21, 2016
Disclosure status: Privately disclosed. 
A vulnerability in several Receiver components of the InputMethod application can crash and restart the system UI when malformed serializable objects are passed.
The patch complements the exception handling routine to prevent the crash.


SVE-2016-7180: Contact list leakage in logfile via broadcasting unprotected intent


Severity: Low 
Affected versions: M(6.0), N(7.0)
Reported on: September 16, 2016
Disclosure status: Privately disclosed. 
The vulnerability exposes contact information and the list of installed applications in the system-accessible log.
The patch removes the problematic code.


¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements


We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Quhe of Ant-financial Light-Year Security Lab : SVE-2016-7123 
- Qing Zhang of Xiaomi and Guangdong Bai of Singapore Institute of Technology (SIT) : SVE-2016-7180 


Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin – November 2016 package.

The Bulletin (November 2016) contains the following CVE items:
CVE-2014-9802(H), CVE-2014-9895(H), CVE-2016-3859(H), CVE-2016-5340(C), CVE-2016-7117(C), CVE-2016-2059(H), CVE-2016-3931(H), CVE-2016-3903(H), CVE-2016-3934(H), CVE-2015-8951(H), CVE-2016-3938(H), CVE-2016-3939(H), CVE-2016-3905(H), CVE-2016-6676(H), CVE-2016-5342(H), CVE-2016-3809(H), CVE-2015-0572(M), CVE-2016-3860(M), CVE-2016-6679(M), CVE-2016-3902(M), CVE-2016-6681(M), CVE-2016-6682(M), CVE-2016-6691(H), CVE-2016-6693(H), CVE-2016-6694(H), CVE-2016-6695(H), CVE-2016-6696(H), CVE-2016-6699(C), CVE-2016-3862(C), CVE-2016-6700(C), CVE-2016-6701(H), CVE-2016-6702(H), CVE-2016-6703(H), CVE-2016-6704(H), CVE-2016-6705(H), CVE-2016-6706(H), CVE-2016-6707(H), CVE-2016-6708(H), CVE-2016-3912(H), CVE-2016-6709(H), CVE-2016-6710(H), CVE-2014-9908(H), CVE-2015-0410(H), CVE-2016-6711(H), CVE-2016-6712(H), CVE-2016-6713(H), CVE-2016-6714(H), CVE-2016-3754(H), CVE-2016-6715(M), CVE-2016-6717(M), CVE-2016-6718(M), CVE-2016-6719(M), CVE-2016-3889(M), CVE-2016-6720(M), CVE-2016-6721(M), CVE-2016-6722(M), CVE-2016-6723(M), CVE-2016-6724(M), CVE-2016-2184(C), and CVE-2014-9874(H).
* Severity : (C)-Critical, (H)-High, (M)-Moderate, (L)-Low

※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 14 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2016-6343: Unauthorized API access via system service call

Severity: Medium
Affected versions: M(6.0)
Reported on: May 26, 2016
Disclosure status: Privately disclosed.
A system service with improper access control allows unauthorized access to system APIs, which enables attackers to control the device screen.
The patch includes checks for access control.


SVE-2016-6736: Kernel Crash on /dev/fimg2d ioctl command

Severity: Medium
Affected versions: All devices with Exynos 5433/54xx/7420 chipsets
Reported on: June 11, 2016
Disclosure status: Privately disclosed.
fimg2d, one of the graphics devices for Exynos chipsets, has no exception control routines to handle unexpected commands, which can lead to a kernel panic.
The patch prevents kernel panic by ignoring inappropriate commands at the state.


SVE-2016-6853: Use After Free in /dev/fimg2d

Severity: Medium
Affected versions: All devices with Exynos 5433/54xx/7420 chipsets
Reported on: August 5, 2016
Disclosure status: Privately disclosed.
A use-after-free vulnerability in fimg2d allows attackers to gain access to unauthorized data.
The patch with error handling was applied.


SVE-2016-6906: A IDX Out of Bound vulnerability in systemui can make crash and ui restart

Severity: Low
Affected versions: KK(4.4), L(5.0/5.1)
Reported on: August 16, 2016
Disclosure status: Privately disclosed.
One of the activities in SystemUI can raise an array index out of bounds exception through a combination of some APIs, which leads to a UI restart.
The patch fixes the vulnerability in the corresponding APIs.


SVE-2016-7044: system_server crash, DoS (AntService)

Severity: Low
Affected versions: KK(4.4), L(5.0/5.1), M(6.0)
Reported on: September 6, 2016
Disclosure status: Privately disclosed.
The system service “AntService” lacks proper access control and exception handling. This allows attackers to use the system API of “AntService” and force the device to reboot by crashing the service.
The patch restricts unauthorized access to “AntService” and filters out improper cases that may cause a crash.


SVE-2016-7179 and SVE-2016-7182: Broadcasting unprotected intent can activate Turn off all Sound

Severity: Low
Affected versions: M(6.0)
Reported on: September 22, 2016
Disclosure status: Privately disclosed.
The vulnerability allows unauthorized processes to turn off all sound by broadcasting an unprotected intent.
The patch protects the receiver by changing to protected intent.


SVE-2016-7220 and SVE-2016-7225: Heap-overflow in “tlc_server”

Severity: Medium
Affected versions: M(6.0)
Reported on: September 29, 2016
Disclosure status: Privately disclosed.
There are two overflow vulnerabilities. One is a heap overflow due to passing an improper size when allocating buffers, and the other is an integer overflow due to not verifying the bounds of the value.
The patch removes the code related to the heap overflow and verifies the range of the integer value to prevent the integer overflow.


SVE-2016-7504: Linux kernel race condition on CopyOnWrite (DirtyCOW)

Severity: Critical
Affected versions: All devices
Reported on: October 20, 2016
Disclosure status: Privately disclosed.
When many write operations and calls to madvise() happen, a race condition in the Linux kernel's copy-on-write (COW) handling can allow one of the write operations to reach and write to a read-only memory mapping.
The fix introduces a new “state” for copy-on-write pages which prevents the race condition.


¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements

We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Zhaozhanpeng of Cheetah Mobile : SVE-2016-6343
- James Fang and Anthony LAOU HINE TSUEI of Tencent Keen Lab : SVE-2016-6736, SVE-2016-6853
- Quhe of Alipay unLimit Security Team : SVE-2016-6906
- He En of MS509 Team : SVE-2016-7044
- Qing Zhang of Qihoo 360 and Guangdong Bai of Singapore Institute of Technology (SIT) : SVE-2016-7179, SVE-2016-7182
- Gal Beniamini of Google Project Zero : SVE-2016-7220
