SB2018011324 - Information disclosure in Google, Google Android
Published: January 13, 2018 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2017-13218)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845.
Remediation
Install update from vendor's website.
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/102390
- http://www.securitytracker.com/id/1040106
- https://source.android.com/security/bulletin/2018-01-01
- https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin