728x90
LG Mobile Security Maintenance Release Summary (SMR)
The January Security Bulletin contains the patches for the vulnerabilities from Google and LG. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The security patch level is [2107-01-01] and the patches contains the fix for the CVE items and the 8 LVE items. The LG vulnerabilities and exposures (LVE) items are described in detail below.
Security issues Summary
LG Vulnerabilities and Exposures(LVE) Items from LG
- critical: LVE-SMP-160019
- high: LVE-SMP-160013,LVE-SMP-160014
- moderate: LVE-SMP-160011,LVE-SMP-160015,LVE-SMP-160017,LVE-SMP-160018
- low: LVE-SMP-160012
Security issues Details
You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.
LVE-SMP-160019- Severity : Critical
- Date reported : Nov 17, 2016
- Affected device Informaion : L(5.0/5.1), M(6.0/6.0.1), N(7.0) devices with MTK chipset
- Description :
MTKLogger application that logs personal information to storage without user consent can be started by third-party application without user consent.
- Severity : High
- Date reported : Nov 15, 2016
- Affected device Informaion : Devices with LG Touchscreen driver
- Description :
An elevation of privilege vulnerability in write_file/write_log of LG touch driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
- Severity : High
- Date reported : Nov 15, 2016
- Affected device Informaion : L(5.0.2), M(6.0) device using LG felica driver
- Description :
An elevation of privilege vulnerability in the LG felica drivers can be exploited to gain read/write access to kernel memory.
- Severity : Moderate
- Date reported : Nov 15, 2016
- Affected device Informaion : L(5.0/5.1), M(6.0/6.0.1), N(7.0)
- Description :
The lgdrmserver binder service can be crashed by multiple race condition. the fix is add safe lock to prevent it.
- Severity : Moderate
- Date reported : Nov 15, 2016
- Affected device Informaion : Devices with LG Touchscreen driver
- Description :
An elevation of privilege vulnerability in lge_touch_core of LG touch driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
- Severity : Moderate
- Date reported : Nov 15, 2016
- Affected device Informaion : Devices with LG Touchscreen driver
- Description :
An elevation of privilege vulnerability in touch_synaptics/reg_ctrl of LG touch driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
- Severity : Moderate
- Date reported : Nov 15, 2016
- Affected device Informaion : L(5.0/5.1), M(6.0/6.0.1), N(7.0) devices with LG fc8080 tdmb driver
- Description :
Elevation of privilege vulnerability in LG fc8080 tdmb driver could enable usermode supplies a kernel address as the ioctl argument, this will result in kernel memory corruption and can likely be exploited to achieve privilege elevation.
- Severity : Low
- Date reported : Nov 15, 2016
- Affected device Informaion : L(5.0/5.1), M(6.0/6.0.1), N(7.0) devices using snapdragon 801, 808, 820
- Description :
Directory traversal vulnerability in lghashstorageserver binder service could enable an app to read and write 0x20 bytes from any files in the context of the lghashstorageserver. It will result in system file compromised and can be likely to be exploited to achieve privilege elevation.
728x90
'취약점 정보2' 카테고리의 다른 글
| Apache Tomcat Information Disclosure (0) | 2017.01.06 |
|---|---|
| 삼성 모바일 2017년 1월 정기 업데이트 (0) | 2017.01.06 |
| QNAP NAS Devices suffer of heap overflow (0) | 2017.01.03 |
| Apache Qpid Broker for Java - Information Leakage (0) | 2016.12.29 |
| Mozilla Foundation Security Advisory 2016-96 (0) | 2016.12.29 |