Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.
Google patches include patches up to Android Security Bulletin – November 2016 package.
The Bulletin (November 2016) contains the following CVE items:
CVE-2014-9802(H), CVE-2014-9895(H), CVE-2016-3859(H), CVE-2016-5340(C), CVE-2016-7117(C), CVE-2016-2059(H), CVE-2016-3931(H), CVE-2016-3903(H), CVE-2016-3934(H), CVE-2015-8951(H), CVE-2016-3938(H), CVE-2016-3939(H), CVE-2016-3905(H), CVE-2016-6676(H), CVE-2016-5342(H), CVE-2016-3809(H), CVE-2015-0572(M), CVE-2016-3860(M), CVE-2016-6679(M), CVE-2016-3902(M), CVE-2016-6681(M), CVE-2016-6682(M), CVE-2016-6691(H), CVE-2016-6693(H), CVE-2016-6694(H), CVE-2016-6695(H), CVE-2016-6696(H), CVE-2016-6699(C), CVE-2016-3862(C), CVE-2016-6700(C), CVE-2016-6701(H), CVE-2016-6702(H), CVE-2016-6703(H), CVE-2016-6704(H), CVE-2016-6705(H), CVE-2016-6706(H), CVE-2016-6707(H), CVE-2016-6708(H), CVE-2016-3912(H), CVE-2016-6709(H), CVE-2016-6710(H), CVE-2014-9908(H), CVE-2015-0410(H), CVE-2016-6711(H), CVE-2016-6712(H), CVE-2016-6713(H), CVE-2016-6714(H), CVE-2016-3754(H), CVE-2016-6715(M), CVE-2016-6717(M), CVE-2016-6718(M), CVE-2016-6719(M), CVE-2016-3889(M), CVE-2016-6720(M), CVE-2016-6721(M), CVE-2016-6722(M), CVE-2016-6723(M), CVE-2016-6724(M), CVE-2016-2184(C), and CVE-2014-9874(H).
Along with Google patches, Samsung Mobile provides 14 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.
Severity: Medium
Affected versions: M(6.0)
Reported on: May 26, 2016
Disclosure status: Privately disclosed.
The vulnerability allowing unauthorized access to system APIs from system service with improper access control enables attackers to control the device screen.
The patch includes checks for access control.
Severity: Medium
Affected versions: All devices with Exynos 5433/54xx/7420 chipsets
Reported on: June 11, 2016
Disclosure status: Privately disclosed.
The fimg2d which is one of the graphic devices for Exynos chipsets doesn’t have exception control routines to handle unexpected commands and it can lead to kernel panic.
The patch prevents kernel panic by ignoring inappropriate commands at the state.
Severity: Medium
Affected versions: All devices with Exynos 5433/54xx/7420 chipsets
Reported on: August 5, 2016
Disclosure status: Privately disclosed.
A use-after-free vulnerability in fimg2d allows attackers to gain access to unauthorized data.
The patch with error handling was applied.
Severity: Low
Affected versions: KK(4.4), L(5.0/5.1)
Reported on: August 16, 2016
Disclosure status: Privately disclosed.
One of the activities in SystemUI can produce array index out of bounds exception as a combination of some APIs and it leads to UI restart.
The patch fixes the vulnerability in the corresponding APIs.
Severity: Low
Affected versions: KK(4.4), L(5.0/5.1), M(6.0)
Reported on: September 6, 2016
Disclosure status: Privately disclosed.
The system services “AntService” doesn’t have proper access control and exception handling. And it allows attackers to use system API of “AntService” and cause rebooting of device by force-crashing the service.
The patch restricts unauthorized access to the “AntService” and filters out improper cases which may cause crash.
Severity: Low
Affected versions: M(6.0)
Reported on: September 22, 2016
Disclosure status: Privately disclosed.
The vulnerability allows unauthorized processes to turn off all sound by broadcasting an unprotected intent.
The patch protects the receiver by changing to protected intent.
Severity: Medium
Affected versions: M(6.0)
Reported on: September 29, 2016
Disclosure status: Privately disclosed.
There are two overflow vulnerabilities. One is Heap overflow due to passing an improper size when allocating buffers and the other is Integer overflow due to not verifying the bounds of the value.
The patch removes the part of code related with Heap overflow and verifies the range of integer value to prevent Integer overflow.
Severity: Critical
Affected versions: All devices
Reported on: October 20, 2016
Disclosure status: Privately disclosed.
Where a lot of write operations and calls to madvise() happens, one of the write operations can reach and write to read-only memory map by a race condition on the Linux kernel when operating with CopyOnWrite(COW) operation.
The fix introduces a new “state” for copy-on-write pages which prevents the race condition.
¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.
We truely appreciate the following researchers for helping Samsung to improve the security of our products.
- Zhaozhanpeng of Cheetah Mobile : SVE-2016-6343
- James Fang and Anthony LAOU HINE TSUEI of Tencent Keen Lab : SVE-2016-6736, SVE-2016-6853
- Quhe of Alipay unLimit Security Team : SVE-2016-6906
- He En of MS509 Team : SVE-2016-7044
- Qing Zhang of Qihoo 360 and Guangdong Bai of Singapore Institute of Technology (SIT) : SVE-2016-7179, SVE-2016-7182
- Gal Beniamini of Google Project Zero : SVE-2016-7220
'취약점 정보2' 카테고리의 다른 글
V3 제품군(개인용/기업용) 12월 정기패치 관련 공지 (0) | 2016.12.07 |
---|---|
BSD libc contains a buffer overflow 업데이트 권고 (0) | 2016.12.07 |
삼성 모바일 안드로이드 12월 정기 보안 업데이트 공지 (0) | 2016.12.06 |
phpMyAdmin에 여러 취약점 (0) | 2016.12.06 |
**골프장사이트 파밍 악성코드 주의 (0) | 2016.12.05 |