
BlackBerry releases August 2017 Android Security Update for BlackBerry Android devices

BlackBerry has today rolled out the August 2017 Android Security update to BlackBerry Android devices.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.

The following vulnerabilities have been remediated in this update:

| Summary | Description | CVE |
|---|---|---|
| Elevation of Privilege in WiFi | In the Wi-Fi service, a copy into a stack structure is not checked for length before the operation is performed. | CVE-2017-0712 |
| Remote Code Execution in Sfntly | In the sfntly library used by libskia, a malformed font file could achieve privilege escalation due to an out-of-bounds read and probable write. | CVE-2017-0713 |
| Remote Code Execution in Mediaserver | There is a missing bounds check in the GetMBHeader() function of the h263 decoder that could lead to a heap memory overflow. Exploitation of this by a malicious MP4 file could lead to memory corruption and code execution in a privileged process. | CVE-2017-0714 |
| Remote Code Execution in Mediaserver | In decoder/ih264d_utils.c in ih264d_allocate_dynamic_bufs (of libavc), there is an out-of-bounds write issue, which could lead to remote arbitrary code execution. | CVE-2017-0715 |
| Remote Code Execution in Mediaserver | In decoder/impeg2d_vld.c in impeg2d_vld_decode (of libmpeg2), a missing bounds check can cause a heap buffer overflow that could lead to remote arbitrary code execution in a privileged process. | CVE-2017-0716 |
| Remote Code Execution in Mediaserver | In the mpeg2 decoder, reading a different vertical slice than the one at the current decode position could result in an invalid calculation of the amount of data remaining. | CVE-2017-0718 |
| Remote Code Execution in Mediaserver | In the mpeg2 decoder, an invalid picture structure could cause an out-of-bounds write, which could lead to memory corruption and code execution in a privileged process. | CVE-2017-0719 |
| Remote Code Execution in Mediaserver | In decoder/ihevcd_parse_slice.c (of libhevc), a potential memory corruption could occur, leading to remote arbitrary code execution. | CVE-2017-0720 |
| Remote Code Execution in Mediaserver | In decoder/impeg2d_dec_hdr.c in impeg2d_dec_seq_hdr (of libmpeg2), there is no check for a 0 value of u2_width or u2_height. Parsing a malicious media file could lead to a clip dimension change, which could lead to an out-of-bounds write leading to remote arbitrary code execution. | CVE-2017-0721 |
| Remote Code Execution in Mediaserver | In the h263 decoder, a malformed mpeg4 file could lead to an out-of-bounds write in a privileged process due to a size mismatch between the frame header and the frame body. | CVE-2017-0722 |
| Remote Code Execution in Mediaserver | In decoder/ih264d_format_conv.c in ih264d_fmt_conv_420sp_to_420sp (of libavc), a heap buffer overflow could occur due to an unchecked num_rows in the memcpy, which could lead to remote arbitrary code execution in a privileged process. | CVE-2017-0723 |
| Remote Code Execution in Mediaserver | In m4v_h263/dec/src/vop.cpp in DecodeShortHeader (of libstagefright), there is no check that the height and width are less than the total video size. | CVE-2017-0745 |
| Denial of Service in Mediaserver | In decoder/impeg2d_dec_hdr.c in impeg2d_dec_seq_hdr (of libmpeg2), there is no check for a 0 value of u2_width or u2_height. | CVE-2017-0724 |
| Denial of Service in Mediaserver | In libstagefright/MPEG4Extractor.cpp in MPEG4Extractor::parseMetaData (of libstagefright), a memory leak could lead to resource exhaustion, which could lead to a remote temporary denial of service. | CVE-2017-0726 |
| Denial of Service in Mediaserver | In the hevc software decoder, a malformed mpeg4 file could result in a null pointer dereference. | CVE-2017-0728 |
| Elevation of Privilege in MediaDrmServer | There is a possible integer overflow in the clearkey plugin for the MediaDrmServer process. | CVE-2017-0729 |
| Denial of Service in Mediaserver | In the h264 decoder, a malformed mpeg4 file could cause a crash. | CVE-2017-0730 |
| Elevation of Privilege in Mediaserver | In the mpeg4 encoder, an app could set a zero width or height parameter causing a bad allocation, but change the width or height later. When the encoder is cleaned up, the wrong address is freed, which could lead to memory corruption and code execution. | CVE-2017-0731 |
| Elevation of Privilege in Mediaserver | There is a vulnerability in mediaserver where an application could cause a hang in a mediaserver thread creating a graphics buffer. Another thread attempting to use that buffer could cause the reference count to be decremented and the buffer freed. When the creating thread resumes, it uses the buffer that has already been freed, which could lead to memory corruption and code execution. | CVE-2017-0732 |
| Denial of Service in Mediaserver | In NuPlayerDecoder (of libmediaplayerservice), when processing bad input data, a CHECK abort could lead to a remote temporary denial of service. | CVE-2017-0733 |
| Denial of Service in Mediaserver | In decoder/ih264d_dpb_mgr.c in ih264d_delete_st_node_or_make_lt (of libavc), a null pointer dereference could lead to a remote temporary denial of service. | CVE-2017-0734 |
| Denial of Service in Mediaserver | In decoder/ih264d_parse_headers.c in ih264d_parse_sps (of libavc), crafted media could cause an infinite loop due to improper input validation when changing resolutions, which could lead to a remote temporary denial of service. | CVE-2017-0735 |
| Denial of Service in Mediaserver | In decoder/ih264d_parse_headers.c in ih264d_parse_nal_unit (of libavc), crafted media could lead to an infinite loop due to missing input validation, which could lead to a remote temporary denial of service. | CVE-2017-0736 |
| Denial of Service in Mediaserver | In decoder/ih264d_parse_headers.c in ih264d_parse_sps (of libavc), improper input validation could lead to remote temporary denial of service when the media stream changes resolution. | CVE-2017-0687 |
| Elevation of Privilege in Mediaserver | In libgui.so, a missing bounds check could lead to an arbitrary write in a privileged process, which could lead to an elevation of privilege. | CVE-2017-0737 |
| Information Disclosure in Mediaserver | Inside audioserver, the parameters of the equalizer Effect_command are not properly checked, which could cause an out-of-bounds read leading to information disclosure. | CVE-2017-0738 |
| Information Disclosure in Mediaserver | In decoder/ihevcd_nal.c in ihevcd_nal_remv_emuln_bytes (of libhevc), an out-of-bounds read could lead to information disclosure. | CVE-2017-0739 |
| Remote Code Execution in Broadcom WiFi | After the patch for CVE-2016-0802 (ANDROID-25306181), if a device had updated the kernel but not the bcm4354 firmware, there were still possible out-of-bounds memory writes if the chip sent an ETHER_TYPE_BRCM packet to the host with a malformed length. | CVE-2017-0740 |
| Elevation of Privilege in Kernel File System | Unvalidated input parameters in the F2FS module could allow for kernel memory corruption, which could result in arbitrary code execution in the TCB. | CVE-2017-0750 |
| Elevation of Privilege in Kernel | In msm/kernel/trace/trace.c, there is insufficient locking when accessing savedcmd that could result in a use after free, leading to escalation of privilege. | CVE-2017-0749 |
| Elevation of Privilege in Qualcomm IPA Driver | An integer overflow in the reference counter variables in the ipa driver could cause a potential use after free leading to elevation of privilege. | CVE-2017-0746 |
| Elevation of Privilege in Qualcomm Component | The qseecomd process has CAP_SYS_ADMIN and CAP_NET_RAW capabilities which are not necessary. | CVE-2017-0747 |
| Elevation of Privilege in Qualcomm Video Driver | In the /dev/graphics/fb0 driver when running a 32-bit kernel, there is an out-of-bounds write that could lead to escalation of privilege. | CVE-2017-9678 |
| Elevation of Privilege in Qualcomm MobiCore Driver | Reading from /sys/kernel/debug/trustonic_tee/info, on devices where it exists, could lead to an escalation of privilege, due to insufficient locking. | CVE-2017-9691 |
| Elevation of Privilege in Qualcomm USB Driver | In rndis_qc_bind_config_vendor and related functions, access to the _rndis_qc variable is not protected by a lock. There is a possible use after free vulnerability that could lead to escalation of privilege. | CVE-2017-9684 |
| Information Disclosure in Qualcomm GPU Driver | Improper locking in the kgsl device causes a use after free issue, which could lead to information disclosure. | CVE-2017-9682 |
| Information Disclosure in Qualcomm SoC Driver | In the qbt1000 driver, a user space string is copied into a local buffer without ensuring that it is properly NULL terminated. | CVE-2017-9679 |
| Information Disclosure in Qualcomm SoC Driver | Uninitialized variables in the qbt1000 driver could lead to information disclosure. | CVE-2017-9680 |
| Information Disclosure in Qualcomm Audio Driver | In the audio driver, a missing return value check together with an uninitialized local variable could lead to information disclosure. | CVE-2017-0748 |
| Information Disclosure in Qualcomm Radio Driver | The function iris_vidioc_s_ext_ctrls directly dereferences a user-passed pointer as a string, which could lead to information disclosure. | CVE-2017-9681 |
| Information Disclosure in Qualcomm Networking Driver | In __wlan_hdd_change_station, the length of params->ext_capab has insufficient checks, which could lead to information disclosure due to an out-of-bounds read. | CVE-2017-9693 |
| Information Disclosure in Qualcomm Networking Driver | In __wlan_hdd_cfg80211_extscan_set_bssid_hotlist, the policy used to enforce the size of the attributes for nla_parse does not include an entry for QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE, which could lead to a possible out-of-bounds read and information disclosure. | CVE-2017-9694 |
| Elevation of Privilege in Qualcomm QCE Driver | Multiple IOCTLs within the QCE driver use a non-validated field provided by the user. | CVE-2017-0751 |

If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually under Settings -> About phone -> System updates. Look for Android security patch level August 5, 2017 or later.

Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.
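
For administrators checking more than one handset, the patch-level test described above can be scripted. The following is an added example, not BlackBerry's own tooling: it classifies each device in a constructed inventory against the 2017-08-05 level. The device serials and function names are made up for illustration; on a live device the level string is read with adb shell getprop ro.build.version.security_patch.

```shell
#!/bin/sh
# Added example: flag devices whose Android security patch level predates
# the 2017-08-05 level named in this bulletin.
REQUIRED_LEVEL="2017-08-05"

# Convert YYYY-MM-DD to the integer YYYYMMDD; fail on any other shape.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | sed 's/-//g' ;;
        *) return 1 ;;
    esac
}

# Print PATCHED, OUTDATED or UNKNOWN for one patch-level string.
patch_status() {
    have=$(level_to_int "$1") || { echo UNKNOWN; return 0; }
    need=$(level_to_int "$REQUIRED_LEVEL")
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo OUTDATED; fi
}

# Read "serial level" lines on stdin, print one verdict per device, and
# return non-zero if any device is not confirmed patched.
audit_inventory() {
    rc=0
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(patch_status "$level")
        printf '%s %s %s\n' "$serial" "${level:-<none>}" "$status"
        [ "$status" = PATCHED ] || rc=1
    done
    return $rc
}

# Constructed sample inventory (serials are hypothetical). DEVICE-D reported
# no patch level at all, which is treated as UNKNOWN rather than as patched.
SAMPLE_INVENTORY='DEVICE-A 2017-08-05
DEVICE-B 2017-07-05
DEVICE-C 2017-09-01
DEVICE-D'

audit_sample() {
    printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
}

audit_sample || echo "at least one device still needs the update"
```

A missing or malformed patch level is reported as UNKNOWN and counts as a failure, so a device that cannot be queried is never assumed to be up to date.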
